Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

.NET Framework vulnerability could allow escalation of privilege


Report ID: MS201302007
Date Published: 22 February 2013

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: remote


Affected Product/Component:

Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5




Summary

A vulnerability in Microsoft .NET Framework could upon successful exploitation, allow an attacker to take control of an affected system.



Detailed Description

Microsoft has released a security update following a report of an escalation of privilege vulnerability found in the .NET Framework. The vulnerability existed when the .NET Framework improperly elevate the permissions of a callback when a WinForm object is created. Upon successful exploitation, an attacker could be able to take complete control of an affected system.

The latest update has introduces a fix to the vulnerability by correcting the way of elevating permissions when running a user-provided callback. Users are recommended to install this update to protect their system.



CVE Reference

CVE-2013-0073



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-015)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.