CVE-2013-3128

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 version SP1 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows RT Microsoft .NET Framework versions 3.0 SP2 through 4.5

Description A remote code execution issue exists in the way affected components handle specially crafted OpenType fonts (OTF). This could allow remote code execution if a user visits a website hosting an XAML Browser Application (XBAP) containing a specially crafted OTF file. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. The issue is related to the parsing of OpenType fonts by Windows.

Recommendations For Microsoft Windows XP versions SP2 through SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 version SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista version SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 versions SP2 through R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 version SP1, update to a newer version to mitigate the risk. For Microsoft Windows 8, update to a newer version to mitigate the risk. For Microsoft Windows Server 2012, update to a newer version to mitigate the risk. For Microsoft Windows RT, update to a newer version to mitigate the risk. For Microsoft .NET Framework versions 3.0 SP2 through 4.5, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to specially crafted OpenType fonts (OTF) until a patch is available.