Lucene search
MicrosoftCVE-2013-3128HistoryOct 09, 2013 - 2:53 p.m.
CVE-2013-3128
2013-10-0914:53:24
microsoft
web.nvd.nist.gov
135
cve-2013-3128
remote code execution
opentype font parsing
nvd
microsoft
windows xp
windows server
windows vista
windows 7
windows 8
windows rt
.net framework
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.755
Percentile
98.2%
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka “OpenType Font Parsing Vulnerability.”
Affected configurations
Node
microsoftwindows_7Match-sp1x64
ORmicrosoftwindows_7Match-sp1x86
ORmicrosoftwindows_8Match-x64
ORmicrosoftwindows_8Match-x86
ORmicrosoftwindows_rtMatch-
ORmicrosoftwindows_server_2003Match-sp2
ORmicrosoftwindows_server_2003Match-sp2itanium
ORmicrosoftwindows_server_2003Match-sp2x64
ORmicrosoftwindows_server_2008Match-sp2itanium
ORmicrosoftwindows_server_2008Match-sp2x64
ORmicrosoftwindows_server_2008Match-sp2x86
ORmicrosoftwindows_server_2008Matchr2sp1itanium
ORmicrosoftwindows_server_2008Matchr2sp1x64
ORmicrosoftwindows_server_2012Match-
ORmicrosoftwindows_vistaMatch-sp2
ORmicrosoftwindows_vistaMatch-sp2x64
ORmicrosoftwindows_xpMatch-sp2professionalx64
ORmicrosoftwindows_xpMatch-sp3
Node
microsoft.net_frameworkMatch3.0sp2
microsoftwindows_server_2003Match-sp2
ORmicrosoftwindows_server_2003Match-sp2x64
ORmicrosoftwindows_server_2008Match-sp2x64
ORmicrosoftwindows_server_2008Match-sp2x86
ORmicrosoftwindows_vistaMatch-sp2
ORmicrosoftwindows_vistaMatch-sp2x64
ORmicrosoftwindows_xpMatch-sp2professionalx64
ORmicrosoftwindows_xpMatch-sp3
Node
microsoft.net_frameworkMatch3.5-
microsoftwindows_8Match-x64
ORmicrosoftwindows_8Match-x86
ORmicrosoftwindows_server_2012Match-
Node
microsoft.net_frameworkMatch3.5.1
microsoftwindows_7Match-sp1x86
ORmicrosoftwindows_server_2008Matchr2sp1x64
Node
microsoft.net_frameworkMatch4.0-
microsoftwindows_server_2003Match-sp2
ORmicrosoftwindows_server_2003Match-sp2x64
ORmicrosoftwindows_server_2008Match-sp2x64
ORmicrosoftwindows_server_2008Match-sp2x86
ORmicrosoftwindows_vistaMatch-sp2
ORmicrosoftwindows_vistaMatch-sp2x64
ORmicrosoftwindows_xpMatch-sp2professionalx64
ORmicrosoftwindows_xpMatch-sp3
Node
microsoft.net_frameworkMatch4.5
microsoftwindows_server_2008Match-sp2x64
ORmicrosoftwindows_server_2008Match-sp2x86
ORmicrosoftwindows_vistaMatch-sp2
ORmicrosoftwindows_vistaMatch-sp2x64
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:* |
| microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:* |
| microsoft | windows_8 | - | cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x64:* |
| microsoft | windows_8 | - | cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x86:* |
| microsoft | windows_rt | - | cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:* |
| microsoft | windows_server_2003 | - | cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* |
| microsoft | windows_server_2003 | - | cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:* |
| microsoft | windows_server_2003 | - | cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:* |
| microsoft | windows_server_2008 | - | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:* |
| microsoft | windows_server_2008 | - | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* |
Related
symantec
symantec
nvd
nvd
CVE-2013-3128
2013-10-09 14:53:24
prion
prion
Design/Logic Flaw
2013-10-09 14:53:00
cvelist
cvelist
CVE-2013-3128
2013-10-09 14:44:00
checkpoint_advisories
checkpoint_advisories
zdi
zdi
mskb
mskb
openvas
openvas
Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)
2013-10-09 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)
2013-10-09 00:00:00
nessus
nessus
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-10-09 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.755
Percentile
98.2%
Related for CVE-2013-3128