CVSS: 9.3EPSS: 92%CPEs: 20EXPL: 0CVE-2015-6107
https://notcve.org/view.php?id=CVE-2015-6107
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." La librería font Windows en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1, Windows 10 Gold y 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1 y Live Meeting 2007 Console permiten a atacantes remotos ejecutar código arbitrario a través de una fuente embebida manipulada, también conocida como 'Graphics Memory Corruption Vulnerability'. • http://www.securitytracker.com/id/1034331 http://www.securitytracker.com/id/1034332 http://www.securitytracker.com/id/1034333 http://www.securitytracker.com/id/1034336 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-128 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 46%CPEs: 11EXPL: 0CVE-2015-6106
https://notcve.org/view.php?id=CVE-2015-6106
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." La librería font de Windows en Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1 y Live Meeting 2007 Console permite a atacantes remotos ejecutar código arbitrario a través de una fuente embebida manipulada, también conocida como 'Graphics Memory Corruption Vulnerability'. • http://www.securitytracker.com/id/1034331 http://www.securitytracker.com/id/1034332 http://www.securitytracker.com/id/1034333 http://www.securitytracker.com/id/1034336 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-128 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 36EXPL: 0CVE-2015-6108
https://notcve.org/view.php?id=CVE-2015-6108
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." La librería font Windows en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT Gold y 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console y Silverlight 5 permiten a atacantes remotos ejecutar código arbitrario a través de una fuente embebida manipulada, también conocida como 'Graphics Memory Corruption Vulnerability'. • http://www.securitytracker.com/id/1034329 http://www.securitytracker.com/id/1034330 http://www.securitytracker.com/id/1034331 http://www.securitytracker.com/id/1034332 http://www.securitytracker.com/id/1034333 http://www.securitytracker.com/id/1034336 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-128 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 65%CPEs: 8EXPL: 0CVE-2015-6093 – Microsoft Office Word TTF Size Miscalculation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6093
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services en SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como 'Microsoft Office Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of name tables in an embedded TTF file. Incorrect processing of a size value can cause Word to copy too much data and corrupt memory. • http://www.securityfocus.com/bid/77491 http://www.securitytracker.com/id/1034118 http://www.securitytracker.com/id/1034122 http://www.zerodayinitiative.com/advisories/ZDI-15-539 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 71%CPEs: 10EXPL: 1CVE-2015-2510 – Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
https://notcve.org/view.php?id=CVE-2015-2510
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability." Vulnerabilidad de desbordamiento de Buffer en Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1 y Live Meeting 2007 Console, permite a atacantes remotos ejecutar código arbitrario a través de una fuente OpenType manipulada, también conocida como 'Graphics Component Buffer Overflow Vulnerability.' A bounds check crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013. • https://www.exploit-db.com/exploits/38217 http://www.securityfocus.com/bid/76593 http://www.securitytracker.com/id/1033485 http://www.securitytracker.com/id/1033500 http://www.securitytracker.com/id/1033501 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •