CVE-2013-3903

Windows 8, Windows Server 2012, and Windows RT - Denial of Service via TrueType Font Parsing

Title source: llm
STIX 2.1

Description

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

References (1)

Core 1
Core References

Scores

EPSS 0.0200
EPSS Percentile 78.4%

Details

CWE
CWE-20
Status published
Products (5)
microsoft/windows_8 (2 CPE variants)
microsoft/windows_rt
microsoft/windows_rt_8.1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2 (3 CPE variants)
Published Dec 11, 2013
Tracked Since Feb 18, 2026