Vulnerability Name: CVE-2015-6108 (CCN-108227) Assigned: 2015-12-08 Published: 2015-12-08 Updated: 2019-05-15 Summary: The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." CVSS v3 Severity: 9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H )8.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-119 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2015-6108 Source: CCN Type: Microsoft Security Bulletin MS15-128Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) Source: CCN Type: Microsoft Security Bulletin MS16-035Security Update for .NET Framework to Address Security Feature Bypass (3141780) Source: CCN Type: Microsoft Security Bulletin MS16-120Security Update for Microsoft Graphics Component (3192884) Source: CCN Type: Microsoft Security Bulletin MS16-155Security Update for .NET Framework (3205640) Source: CCN Type: Microsoft Security Bulletin MS17-013Security Update for Microsoft Graphics Component (4013075) Source: SECTRACK Type: Third Party Advisory, VDB Entry1034329 Source: SECTRACK Type: Third Party Advisory, VDB Entry1034330 Source: SECTRACK Type: Third Party Advisory, VDB Entry1034331 Source: SECTRACK Type: Third Party Advisory, VDB Entry1034332 Source: SECTRACK Type: Third Party Advisory, VDB Entry1034333 Source: SECTRACK Type: Third Party Advisory, VDB Entry1034336 Source: MS Type: Patch, Vendor AdvisoryMS15-128 Source: XF Type: UNKNOWNms-graphics-cve20156108-code-exec(108227) Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:live_meeting:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:5.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:skype_for_business:2016:*:*:*:*:*:*:* OR cpe:/a:microsoft:word_viewer:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration 3 :cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration 4 :cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* Configuration 5 :cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:word_viewer:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:5.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:attendee:*:*:* OR cpe:/a:microsoft:.net_framework:4.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:x32:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2013:-:x64:*:*:*:*:* OR cpe:/a:microsoft:lync_basic:2013:-:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:x32:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync_basic:2013:sp1:*:*:*:*:x32:* OR cpe:/a:microsoft:lync:2013:sp1:*:*:*:*:x64:* OR cpe:/a:microsoft:lync_basic:2013:sp1:*:*:*:*:x64:* Denotes that component is vulnerable BACK
microsoft live meeting 2007
microsoft lync 2010
microsoft lync 2013 sp1
microsoft office 2007 sp3
microsoft office 2010 sp2
microsoft silverlight 5.0
microsoft skype for business 2016
microsoft word viewer -
microsoft windows 7 - sp1
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows vista - sp2
microsoft .net framework 3.0 sp2
microsoft .net framework 4.0
microsoft .net framework 4.5
microsoft .net framework 4.5.1
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft windows server 2008 - sp2
microsoft windows vista - sp2
microsoft .net framework 3.5.1
microsoft windows 7 - sp2
microsoft windows server 2008 r2 sp1
microsoft .net framework 3.5
microsoft windows 10 -
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft word viewer *
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft .net framework 3.5
microsoft windows server 2008
microsoft .net framework 3.5.1
microsoft .net framework 4.0
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft .net framework 3.0 sp2
microsoft office 2007 sp3
microsoft silverlight 5.0
microsoft lync 2010
microsoft .net framework 4.5
microsoft lync 2010
microsoft lync 2010
microsoft windows 8 - -
microsoft windows 8 *
microsoft windows server 2012
microsoft windows rt -
microsoft lync 2013 -
microsoft lync basic 2013 -
microsoft office 2010 sp2
microsoft office 2010 sp2
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
microsoft .net framework 4.5.1
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft lync basic 2013 sp1
microsoft lync 2013 sp1
microsoft lync basic 2013 sp1