.NET Framework vulnerability could allow escalation of privilege
Report ID: MS201302007
Date Published: 22 February 2013
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: remote
Affected Product/Component:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5
Summary
A vulnerability in Microsoft .NET Framework could upon successful exploitation, allow an attacker to take control of an affected system.
Detailed Description
Microsoft has released a security update following a report of an escalation of privilege vulnerability found in the .NET Framework. The vulnerability existed when the .NET Framework improperly elevate the permissions of a callback when a WinForm object is created. Upon successful exploitation, an attacker could be able to take complete control of an affected system.
The latest update has introduces a fix to the vulnerability by correcting the way of elevating permissions when running a user-provided callback. Users are recommended to install this update to protect their system.
CVE Reference
CVE-2013-0073
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-015)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
