Microsoft .NET Framework vulnerabilities could allow privilege escalation
Report ID: MS201301004
Date Published: 10 January 2013
Compromise Type: privilege-escalation information-disclosure
Compromise From: remote
Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5
Windows Server 2012
Four vulnerabilities in Microsoft .NET Framework could allow an attacker to gain information disclosure and privilege escalation advantages.
Microsoft has issued a security update for .NET Framework following the discovery of four vulnerabilities, one of which could lead to information disclosure while three others could lead privilege escalation advantages. The vulnerabilities were caused by several factors: improper initialization of the contents of a memory array, improper validation of objects' number in memory, improper validation of objects' size in memory, and improper validation of objects' permission.
All of the issues have been resolved in the latest security update by correcting the way that .NET Framework initializes memory array, copies objects in memory, validates an array's size, and validates an object's permission. Users are recommended to install the latest update to protect their system from potential exploit attempts.
CVE-2013-0001, CVE-2013-0002, CVE-2013-0003, CVE-2013-0004
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-004)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.