PT-2013-4160 · Microsoft · Windows Server 2003+13

Lee Yee Chan +1 · Published 2013-07-09 · Updated 2025-01-16 · CVE-2013-3129

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 3.0 SP2 through 4.5
Silverlight version 5 before 5.1.20513.0
Windows XP versions SP2 and SP3
Windows Server 2003 version SP2
Windows Vista version SP2
Windows Server 2008 versions SP2 and R2 SP1
Windows 7 version SP1
Windows 8
Windows Server 2012
Windows RT
Office versions 2003 SP3, 2007 SP3, and 2010 SP1
Visual Studio .NET version 2003 SP1
Lync versions 2010, 2010 Attendee, 2013, and Basic 2013

Description

A remote code execution issue exists in the way affected Windows components and other software handle specially crafted TrueType font files. This could allow remote code execution if a user views shared content that embeds TrueType font files or opens a specially crafted TrueType font file. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full administrative rights.

Recommendations

For Microsoft .NET Framework versions 3.0 SP2 through 4.5, update to a version that includes the fix for this issue.
For Silverlight version 5 before 5.1.20513.0, update to version 5.1.20513.0 or later.
For Windows XP versions SP2 and SP3, Windows Server 2003 version SP2, Windows Vista version SP2, Windows Server 2008 versions SP2 and R2 SP1, Windows 7 version SP1, Windows 8, Windows Server 2012, and Windows RT, apply the relevant security update.
For Office versions 2003 SP3, 2007 SP3, and 2010 SP1, update to a version that includes the fix for this issue.
For Visual Studio .NET version 2003 SP1, update to a version that includes the fix for this issue.
For Lync versions 2010, 2010 Attendee, 2013, and Basic 2013, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of TrueType font files until a patch is available.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2013-3129

Affected Products

.NET Framework
Lync
Office
Silverlight
Visual Studio .NET
Windows
Windows 7
Windows 8
Windows RT
Windows Server 2003
Windows Server 2008
Windows Server 2012
Windows Vista
Windows XP