CVE-2014-4148
- Reference to the description:
- Description:
- win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."
- Last updated date:
- 02/10/2025
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 10/14/2014
- Reference url to background
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-058
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 02/26/2019
- Reference url to background
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 05/25/2022
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog