Microsoft .NET Framework Multiple Vulnerabilities

ID: IRCAD2013012400
Release Date: 2013-01-08
Criticality level: Highly critical
 
Software:
Microsoft .NET Framework 1.x
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x
 
Description:
Multiple vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An error within the System.Drawing namespace of Windows Forms when handling pointers can be exploited to bypass CAS (Code Access Security) restrictions and disclose information via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.
2) An error within WinForms when handling certain objects can be exploited to cause a buffer overflow via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.
3) A boundary error within the System.DirectoryServices.Protocols namespace when handling objects can be exploited to cause a buffer overflow via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.
4) A double construction error within the framework does not validate object permissions and can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.
Successful exploitation of vulnerabilities #2 - #4 allows execution of arbitrary code.
 
Solution:
Apply updates.
 
Windows XP:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003:
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista:
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008:
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7:
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2:
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8:
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012:
Windows Server 2012
Server Core installation option:
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (Server Core installation)
 
References:
MS13-004 (KB2769324, KB2742607, KB2742597, KB2742596, KB2742595, KB2756918, KB2742604, KB2742601, KB2742613, KB2756919, KB2742599, KB2756921, KB2742598, KB2756920, KB2742616, KB2756923, KB2742614):
 
Secunia:
http://secunia.com/advisories/51777/
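
To confirm the "Apply updates" step on a host, the following PowerShell script reports which of the MS13-004 KB numbers listed under References are recorded as installed. It is an added example, not part of the original advisory or of Microsoft's bulletin. The function names are hypothetical, and the registry location used for MSI-based .NET patches is an assumption that should be confirmed on your own builds.

```powershell
# Added example: check the local host for the MS13-004 updates.
# KB numbers are copied from the References line of this advisory.
$Ms13004 = @(
    'KB2769324','KB2742607','KB2742597','KB2742596','KB2742595','KB2756918',
    'KB2742604','KB2742601','KB2742613','KB2756919','KB2742599','KB2756921',
    'KB2742598','KB2756920','KB2742616','KB2756923','KB2742614'
)

function Get-InstalledKbTable {
    $found = @{}

    # Source 1: updates delivered as OS components (Win32_QuickFixEngineering).
    Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.HotFixID -match '^(KB\d+)') { $found[$Matches[1].ToUpper()] = $true }
    }

    # Source 2 (assumption): MSI-based .NET patches recorded as KB-named
    # subkeys under the Updates key, in both the 64-bit and 32-bit views.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Updates',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Updates'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                if ($_.PSChildName -match '^(KB\d+)') {
                    $found[$Matches[1].ToUpper()] = $true
                }
            }
    }
    $found
}

function Test-Ms13004 {
    $installed = Get-InstalledKbTable
    foreach ($kb in $Ms13004) {
        New-Object PSObject -Property @{
            KB        = $kb
            Installed = $installed.ContainsKey($kb)
        }
    }
}

Test-Ms13004 | Sort-Object KB | Format-Table KB, Installed -AutoSize
```

Each KB applies to one combination of Windows release and .NET Framework version, so a patched host is expected to show only a subset as installed. Compare the result against the bulletin's entries for that host's platform rather than expecting all seventeen.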

Creation date: 20 Dey 1391