CVE-2013-3129: Code Injection
First published: Wed Jul 10 2013(Updated: )
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft .NET Framework | =3.0-sp2 | |
| Microsoft .NET Framework | =3.5 | |
| Microsoft .NET Framework | =3.5.1 | |
| Microsoft .NET Framework | =4.0 | |
| Microsoft .NET Framework | =4.5 | |
| Microsoft Lync | =2010 | |
| Microsoft Lync | =2010 | |
| Microsoft Lync | =2010 | |
| Microsoft Lync | =2013 | |
| Microsoft Lync | =2013 | |
| Microsoft Lync Basic | =2013 | |
| Microsoft Lync Basic | =2013 | |
| Microsoft Office | =2003-sp3 | |
| Microsoft Office | =2007-sp3 | |
| Microsoft Office | =2010-sp1 | |
| Microsoft Office | =2010-sp1 | |
| Microsoft Silverlight | =5.0.60401.0 | |
| Microsoft Silverlight | =5.0.60818.0 | |
| Microsoft Silverlight | =5.0.60818.0-rc | |
| Microsoft Silverlight | =5.0.61118.0 | |
| Microsoft Silverlight | =5.1.10411.0 | |
| Microsoft Silverlight | =5.1.20125.0 | |
| Microsoft Visual Studio | =2003-sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/ncas/alerts/TA13-190A
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-052
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-054
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17323
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17341
Frequently Asked Questions
What is the severity of CVE-2013-3129?
CVE-2013-3129 is rated as critical, allowing for remote code execution without user interaction.
How do I fix CVE-2013-3129?
To fix CVE-2013-3129, you should apply the appropriate security updates provided by Microsoft for the affected software versions.
What platforms are affected by CVE-2013-3129?
CVE-2013-3129 affects multiple versions of the .NET Framework, Silverlight, and several Windows operating systems including Windows XP, Windows 7, and Windows 8.
Are older versions of software vulnerable to CVE-2013-3129?
Yes, older versions of Microsoft .NET Framework, Silverlight, and various Windows operating systems are vulnerable to CVE-2013-3129.
What types of attacks can exploit CVE-2013-3129?
CVE-2013-3129 can be exploited through specially crafted applications leading to unauthorized remote code execution.
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/severity
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft .net framework
- version/microsoft .net framework/3.0-sp2
- version/microsoft .net framework/3.5
- version/microsoft .net framework/3.5.1
- version/microsoft .net framework/4.0
- version/microsoft .net framework/4.5
- canonical/microsoft lync
- version/microsoft lync/2010
- version/microsoft lync/2013
- canonical/microsoft lync basic
- version/microsoft lync basic/2013
- canonical/microsoft office
- version/microsoft office/2003-sp3
- version/microsoft office/2007-sp3
- version/microsoft office/2010-sp1
- canonical/microsoft silverlight
- version/microsoft silverlight/5.0.60401.0
- version/microsoft silverlight/5.0.60818.0
- version/microsoft silverlight/5.0.60818.0-rc
- version/microsoft silverlight/5.0.61118.0
- version/microsoft silverlight/5.1.10411.0
- version/microsoft silverlight/5.1.20125.0
- canonical/microsoft visual studio
- version/microsoft visual studio/2003-sp1
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.0
- canonical/microsoft windows rt
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- canonical/microsoft windows server 2012 x64
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp3
- version/microsoft windows xp/sp2