CVEブラウザに戻る

CVE-2015-2431

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0240%

EPSS Percentile5.59th

Published2015年8月15日

Last Modified2026年5月6日

Vulnerability Description

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

Live Meeting

= 2007

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync Basic

= 2013

📦

Microsoft

Lync Basic

= 2013

📦

Microsoft

Office

= 2010

📦

Microsoft

Office

= 2010

References & Advisories

🔗 http://www.securitytracker.com/id/1033238

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080

🔗 https://www.exploit-db.com/exploits/37911/

🔗 http://www.securitytracker.com/id/1033238

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080

🔗 https://www.exploit-db.com/exploits/37911/

関連する脆弱性情報

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2014-18179.3

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...

CVE-2015-24359.3

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold a...

CVE-2014-18189.3

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Window...