CVE-2013-3128 — Microsoft NET Framework vulnerability

5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

57.8%

top 1.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET Framework Microsoft Windows Server 2008

Timeline

PublishedOct 9

Latest updateMay 13

Description

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/net_framework5 versions+4

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-cp6p-w36w-x52m: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7↗2022-05-13

▶

CVEList

CVE-2013-3128: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7↗2013-10-09

▶

VulnCheck

Microsoft Windows OpenType Font Parsing Vulnerability↗2013

▶

💥Exploits & PoCs

Exploit-DB

Squid 3.3.5 - Denial of Service (PoC)↗2013-07-16

▶