Lee Yee Chan

Researcher from F13 Laboratory
#15066 of 53,635
17.8 Total CVSS
Vulnerabilities · 2
High
2
PT-2013-4160
7.8
2013-07-09
Microsoft · Windows Server 2003 · CVE-2013-3129
**Name of the Vulnerable Software and Affected Versions**

- Microsoft .NET Framework versions 3.0 SP2 through 4.5
- Silverlight version 5 before 5.1.20513.0
- Windows XP versions SP2 and SP3
- Windows Server 2003 version SP2
- Windows Vista version SP2
- Windows Server 2008 versions SP2 and R2 SP1
- Windows 7 version SP1
- Windows 8
- Windows Server 2012
- Windows RT
- Office versions 2003 SP3, 2007 SP3, and 2010 SP1
- Visual Studio .NET version 2003 SP1
- Lync versions 2010, 2010 Attendee, 2013, and Basic 2013

**Description**

A remote code execution issue exists in the way affected Windows components and other software handle specially crafted TrueType font files. This could allow remote code execution if a user views shared content that embeds TrueType font files or opens a specially crafted TrueType font file. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full administrative rights.

**Recommendations**

- For Microsoft .NET Framework versions 3.0 SP2 through 4.5, update to a version that includes the fix for this issue.
- For Silverlight version 5 before 5.1.20513.0, update to version 5.1.20513.0 or later.
- For Windows XP versions SP2 and SP3, Windows Server 2003 version SP2, Windows Vista version SP2, Windows Server 2008 versions SP2 and R2 SP1, Windows 7 version SP1, Windows 8, Windows Server 2012, and Windows RT, apply the relevant security update.
- For Office versions 2003 SP3, 2007 SP3, and 2010 SP1, update to a version that includes the fix for this issue.
- For Visual Studio .NET version 2003 SP1, update to a version that includes the fix for this issue.
- For Lync versions 2010, 2010 Attendee, 2013, and Basic 2013, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting the use of TrueType font files until a patch is available.