TrueType Font Parsing Flaw in Microsoft Products
CVE-2013-3129

Currently unrated

Key Information:

Vendor: Microsoft

CVE Published: 10 July 2013

What is CVE-2013-3129?

A vulnerability in multiple Microsoft products, including the .NET Framework and Office applications, allows remote attackers to execute arbitrary code. The flaw lies in the unsafe parsing of specially crafted TrueType Font (TTF) files. Successful exploitation can lead to unauthorized actions on affected systems through the TTF rendering features of various software components.

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
