CVE-2014-4148

HIGH KEV

Windows win32k.sys - Remote Code Execution via Crafted TrueType Font

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2014-4148 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 25, 2022.

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."

References (6)

Core 6
Core References
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60970
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70429
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-058
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96995

Scores

CVSS v3 8.8
EPSS 0.5572
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-05-25
VulnCheck KEV 2014-10-14
InTheWild.io 2014-10-14
ENISA EUVD EUVD-2014-4079
CWE
CWE-94
Status published
Products (11)
microsoft/windows_7
microsoft/windows_8
microsoft/windows_8.1
microsoft/windows_rt
microsoft/windows_rt_8.1
microsoft/windows_server_2003
microsoft/windows_server_2008
microsoft/windows_server_2008 r2
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
... and 1 more
Published Oct 15, 2014
KEV Added May 25, 2022
Tracked Since Feb 18, 2026