Back to CVE Browser

CVE-2015-2431

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0240%

EPSS Percentile5.59th

PublishedAug 15, 2015

Last ModifiedMay 6, 2026

Vulnerability Description

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

Live Meeting

= 2007

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync Basic

= 2013

📦

Microsoft

Lync Basic

= 2013

📦

Microsoft

Office

= 2010

📦

Microsoft

Office

= 2010

References & Advisories

🔗 http://www.securitytracker.com/id/1033238

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080

🔗 https://www.exploit-db.com/exploits/37911/

🔗 http://www.securitytracker.com/id/1033238

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080

🔗 https://www.exploit-db.com/exploits/37911/

Related Vulnerabilities

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2014-18179.3

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...

CVE-2015-24359.3

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold a...

CVE-2014-18189.3

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Window...