Vulnerability Description
usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://www.us-cert.gov/ncas/alerts/TA13-225AThird Party AdvisoryUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-06
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.us-cert.gov/ncas/alerts/TA13-225AThird Party AdvisoryUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-06
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2013-3181?
CVE-2013-3181 is a vulnerability with a CVSS score of 9.3 (HIGH). usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe...
How severe is CVE-2013-3181?
CVE-2013-3181 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3181?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Server 2003, Microsoft Windows Xp.