| Vulnerability Name: | CVE-2015-6106 (CCN-108224) | ||||||||
| Assigned: | 2015-12-08 | ||||||||
| Published: | 2015-12-08 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." | ||||||||
| CVSS v3 Severity: | 9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) 8.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-6106 Source: CCN Type: Microsoft Security Bulletin MS15-128 Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) Source: CCN Type: Microsoft Security Bulletin MS16-035 Security Update for .NET Framework to Address Security Feature Bypass (3141780) Source: CCN Type: Microsoft Security Bulletin MS16-120 Security Update for Microsoft Graphics Component (3192884) Source: CCN Type: Microsoft Security Bulletin MS16-155 Security Update for .NET Framework (3205640) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: SECTRACK Type: UNKNOWN 1034331 Source: SECTRACK Type: UNKNOWN 1034332 Source: SECTRACK Type: UNKNOWN 1034333 Source: SECTRACK Type: UNKNOWN 1034336 Source: MS Type: UNKNOWN MS15-128 Source: XF Type: UNKNOWN ms-graphics-cve20156106-code-exec(108224) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||