Microsoft Windows OpenType Font Parsing Persistent Denial-of-Service Vulnerability

October 11th, 2013

Vulnerability Details


This vulnerability allows remote attackers to causes a persistent Denial-of-Service on machines running vulnerable versions of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a vulnerable font.

The specific flaw exists within the handling of OpenType Fonts in the Windows Kernel. The machine will immediately crash and be unable to restart if a user attempts to use the malicious font.

Additional Details

Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://technet.microsoft.com/en-us/security/bulletin/ms13-081

Disclosure Timeline

  • 2013-02-22 - Vulnerability reported to vendor
  • 2013-10-11 - Coordinated public release of advisory

Credit

Anonymous

Back to Advisories