9.3

CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 7 Version- Updatesp1 HwPlatformx64
MicrosoftWindows 7 Version- Updatesp1 HwPlatformx86
MicrosoftWindows 8 Version- HwPlatformx64
MicrosoftWindows 8 Version- HwPlatformx86
MicrosoftWindows Rt Version-
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformitanium
MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformx64
MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformitanium
MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx64
MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx86
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Vista Version- Updatesp2 HwPlatformx64
MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
MicrosoftWindows Xp Version- Updatesp3
Microsoft.Net Framework Version3.0 Updatesp2
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx86
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
Microsoft.Net Framework Version3.5 Update-
   MicrosoftWindows 8 Version- HwPlatformx64
   MicrosoftWindows 8 Version- HwPlatformx86
   MicrosoftWindows Server 2012 Version-
Microsoft.Net Framework Version3.5.1
   MicrosoftWindows 7 Version- Updatesp1 HwPlatformx86
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft.Net Framework Version4.0 Update-
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx86
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
Microsoft.Net Framework Version4.5
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx86
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp2 HwPlatformx64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 57.84% 0.981
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
http://www.us-cert.gov/ncas/alerts/TA13-288A
Third Party Advisory
US Government Resource