Is CVE-2013-3129 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 32%.

What products does CVE-2013-3129 affect?

Tracked products affected include Microsoft Office. Check the version you run to see whether it is affected.

How do I fix CVE-2013-3129?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2013-3129

Q: What is CVE-2013-3129?

CVE-2013-3129 is a high-severity software vulnerability (Code injection) with a CVSS score of 7.8. Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Wi

HIGH severity · CVSS 7.8 · Code injection

7.8CVSS HIGH

Summary

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges requiredNone

User interactionRequired

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)32%

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products we track (1)

Microsoft Office

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

CVE-2013-3129

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information