Oval Definition:oval:org.mitre.oval:def:18847
Revision Date:2014-08-18Version:56
Title:OpenType Font Parsing Vulnerability (CVE-2013-3128) - MS13-081, MS13-082
Description:The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2013-3128
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Definition Synopsis
  • .net 3.0 sp2 + win xp/2k3/vista/2k8
  • Microsoft .NET Framework 3.0 SP2 is installed
  • AND XP/2k3/2k8/Vista and vulnerable files version
  • XP / 2K3 and vulnerable file version
  • XP / 2K3 and vulnerable file version
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND Check for vulnerable versions
  • Check if the version of PresentationCFFRasterizerNative_v0300.dll is less than 3.0.6920.4058
  • OR Vista / 2K8 and vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Check for vulnerable version
  • Check if the version of presentationcffrasterizernative_v0300.dll is less than 3.0.6920.4218
  • OR .net 3.5 sp1 + win xp/2k3/vista/2k8
  • Microsoft .NET Framework 3.5 SP1 is installed
  • AND Win 7 / R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Check for vulnerable version
  • Check if the version of presentationcffrasterizernative_v0300.dll is less than 3.0.6920.5459
  • OR LDR range
  • Check if the version of presentationcffrasterizernative_v0300.dll is greater than or equal to 3.0.6920.6000
  • AND Check if the version of presentationcffrasterizernative_v0300.dll is less than 3.0.6920.7062
  • OR .net 4.0 + win xp/2k3/vista/2k8/win7/R2
  • Microsoft .NET Framework 4.0 is installed
  • AND XP/2k3/2k8/Vista/Win7/R2
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Check for vulnerable versions
  • Check if the version of PresentationCore.dll is less than 4.0.30319.1014
  • OR LDR range
  • Check if the version of presentationcore.dll is greater than or equal to 4.0.30319.2000
  • AND Check if the version of PresentationCore.dll is less than 4.0.30319.2021
  • OR .net 4.5 + win 8/2k12/vista/2k8/win7/R2
  • Microsoft .NET Framework 4.5 is installed
  • AND XP/2k3/2k8/Vista/Win7/R2
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Check for vulnerable version
  • Check if the version of wpftxt_v0400.dll is less than 4.0.30319.18059
  • OR LDR range
  • Check if the version of wpftxt_v0400.dll is less than 4.0.30319.19114
  • AND Check if the version of wpftxt_v0400.dll is greater than or equal to 4.0.30319.19000
  • OR .Net 3.5 + Win 8 /2k12 and vulnerable file version
  • Microsoft .NET Framework 3.5 SP1 is installed
  • AND Windows 8 / 2k12
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check for vulnerable version
  • Check if the version of presentationcffrasterizernative_v0300.dll is less than 3.0.6920.6409
  • OR LDR range
  • Check if the version of presentationcffrasterizernative_v0300.dll is greater than or equal to 3.0.6920.7000
  • AND Check if the version of presentationcffrasterizernative_v0300.dll is less than 3.0.6920.7062
  • OR xp/version
  • Microsoft Windows XP (32-bit) is installed
  • AND Check if the atmfd.dll version is less than 5.1.2.236
  • OR win xp/server 2003/versions
  • xp/server 2003
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND Check if the version of atmfd.dll is less than 5.2.2.236
  • OR vista/2008/version
  • vista/2008
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND either file versions
  • Check if the atmfd.dll version is less than 5.1.2.236
  • OR Check if the version of Dwrite.dll is less than 7.0.6002.18923
  • OR ldr range
  • Check if the version of Dwrite.dll is less than 7.0.6002.23200
  • AND Check if the version of Dwrite.dll is greater than or equal to 7.0.6002.23000
  • OR win 7/2008 r2/versions
  • win 7/2008 r2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND either file versions
  • Check if the version of atmfd.dll is less than 5.1.2.238
  • OR Check if the version of Dwrite.dll is less than 6.1.7601.18245
  • OR ldr range
  • Check if the version of Dwrite.dll is less than 6.1.7601.22434
  • AND Check if the version of Dwrite.dll is greater than or equal to 6.1.7601.22000
  • OR win 8/server 2012
  • win 8/server 2012
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check if the atmfd.dll version is less than 5.1.2.237
    • BACK