Remote Code Execution Vulnerability in Windows Products by Microsoft
CVE-2013-3894

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Server 2008; Windows Rt; Windows Xp; Windows 8
Vendor: CVE Published:; 9 October 2013

Summary

A vulnerability exists in the kernel-mode drivers of various Microsoft Windows operating systems that enables remote attackers to execute arbitrary code. By exploiting a crafted CMAP table within a TrueType font (TTF) file, an attacker could potentially gain control of affected systems. This situation poses significant risks, as users may unintentionally open malicious files that exploit the vulnerability, leading to unauthorized access and control.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/ncas/alerts/TA13-288A

third-party-advisoryx_refsource_CERT

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 9, 2013
Vulnerability Reserved
Jun 3, 2013