Microsoft Unicode Scripts Processor Remote Code Execution Vulnerability (2850869) Network Vulnerability

Summary

This host is missing an critical security update according to Microsoft Bulletin MS13-060.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code and or cause memory corruption.

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms13-060

Insight

The flaw is due to an error within the Unicode Scripts Processor (USP10.dll) when processing OpenType fonts.

Affected

Microsoft Windows XP x32/64 Edition Service Pack 3 and prior Microsoft Windows 2003 x32/64 Edition Service Pack 2 and prior

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/54364
http://support.microsoft.com/kb/2850869
http://www.securelist.com/en/advisories/54364
https://technet.microsoft.com/en-us/security/bulletin/ms13-060

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3181

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DirectAccess Security Advisory (2862152)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)
Flaw in Microsoft VM Could Allow Code Execution (810030)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)

Take action and discover your vulnerabilities