

Vulnerability protection

Microsoft .NET Framework vulnerabilities could allow privilege escalation


Report ID: MS201301004
Date Published: 10 January 2013

Criticality: Important
Compromise Type: privilege-escalation information-disclosure
Compromise From: remote


Affected Product/Component:

Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5
Windows 8
Windows Server 2012




Summary

Four vulnerabilities in Microsoft .NET Framework could allow information disclosure and privilege escalation.



Detailed Description

Microsoft has issued a security update for .NET Framework following the discovery of four vulnerabilities, one of which could lead to information disclosure while the other three could lead to privilege escalation. The vulnerabilities have several causes: improper initialization of the contents of a memory array, improper validation of the number of objects in memory, improper validation of the size of objects in memory, and improper validation of objects' permissions.

All of the issues have been resolved in the latest security update, which corrects the way that .NET Framework initializes memory arrays, copies objects in memory, validates an array's size, and validates an object's permissions. Users are advised to install the latest update to protect their systems from potential exploit attempts.



CVE Reference

CVE-2013-0001, CVE-2013-0002, CVE-2013-0003, CVE-2013-0004



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-004



