TrueType Font Parsing Flaw in Microsoft Products
CVE-2013-3129

Currently unrated

Key Information:

Vendor
Microsoft
Status
.net Framework
Silverlight
Visual Studio .net
Lync
Vendor
CVE Published:
10 July 2013

Summary

A vulnerability exists in multiple Microsoft products, including the .NET Framework and Office applications, allowing remote attackers to execute arbitrary code. This occurs via the unsafe parsing of specially crafted TrueType Font (TTF) files. A successful exploitation can lead to unauthorized actions on affected systems, exploiting the rendering features of TTF within various software components.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.