This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote host is affected by multiple remote code execution
The remote Windows host is affected by multiple remote code execution
vulnerabilities due to improper handling of embedded fonts by the
Windows font library. A remote attacker can exploit these by
convincing a user to open a file or visit a website containing a
specially crafted embedded font, resulting in execution of arbitrary
code in the context of the current user.
See also :
Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally,
Microsoft has released a set of patches for Office 2007, Office 2010,
Word Viewer, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic
2013, Skype for Business 2016, Live Meeting 2007 Console, Silverlight;
and .NET framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5.1, 4.5.2, and 4.6.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true