Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2431

CWE-20Improper Input Validation4 documents4 sources
Severity
9.3CRITICAL
EPSS
64.7%
top 1.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Microsoft Live MeetingMicrosoft LyncMicrosoft Lync Basic+1 more
Timeline
PublishedAug 15
Latest updateMay 14

Description

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmicrosoft/lync2010

🔴Vulnerability Details

2
GHSA
GHSA-2gw9-pm3q-q2fq: Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote2022-05-14
CVEList
CVE-2015-2431: Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote2015-08-15

💥Exploits & PoCs

1
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080)2015-08-21
CVE-2015-2431 (CRITICAL CVSS 9.3) | Microsoft Office 2007 SP3 and 2010 | cvebase.io