OpenType Font Parsing Vulnerability in Microsoft Windows Products
CVE-2013-3128

Currently unrated

Key Information:

Vendor: Microsoft
CVE Published: 9 October 2013

Summary

This vulnerability affects multiple versions of Microsoft Windows and .NET Framework, allowing remote attackers to execute arbitrary code by exploiting a flaw in the processing of OpenType font files. Attackers can craft malicious OTF files that, when opened on a victim's system, could trigger the execution of harmful code with elevated privileges, potentially compromising the affected system. This issue underscores the importance of applying security updates and using protective measures to safeguard against exploitation.

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
