Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2510 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Live Meeting Console

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

70.6%

top 1.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Live Meeting Console Microsoft Lync Microsoft Office

Timeline

PublishedSep 9

Latest updateMay 14

Description

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/lync2010, 2013+1

▶NVDmicrosoft/live_meeting_console2007

▶NVDmicrosoft/office2007, 2010+1

🔴Vulnerability Details

GHSA

GHSA-qcc8-wpcw-q7r5: Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010↗2022-05-14

▶

CVEList

CVE-2015-2510: Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010↗2015-09-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)↗2015-09-16

▶