|MS15-130||Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)||Windows 7||Critical||09-12-2015|
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.
Detailed Information on the risk:
A remote code execution vulnerability exists when Windows Uniscribe improperly parses specially crafted fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded fonts. The security update addresses the vulnerability by correcting how Windows parses fonts.Further information on this exploit is available at : MS15-130
Affected SoftwareWindows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)