.NET Framework and Silverlight vulnerabilities could allow remote code execution
Report ID: MS201307001
Date Published: 11 July 2013
Compromise Type: remote-code-execution privilege-escalation
Compromise From: remote
Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft Silverlight 5
Microsoft Silverlight 5 Developer Runtime
Seven vulnerabilities were reported in Microsoft .NET Framework and Microsoft Silverlight, four of which could lead to remote code execution and the other three could lead to escalation of privileges.
Microsoft has released a security update to address seven vulnerabilities reported found in .NET Framework and Silverlight.Four of the vulnerabilities could allow an attacker to execute code and take control of an affected system upon successful exploitation. These vulnerabilities were caused by improper handling of TrueType Fonts (TTF) files, multidimensional arrays of small structures, and a dereference to a null pointer, and incorrect allocation of an array of small structures.
Three other vulnerabilities could each be exploited into allowing the attacker to gain escalated privileges on the affected system. These vulnerabilities were caused by improper validation of permission for objects performing reflection or objects involved with reflection, and when delegating objects during serialization.
All of these issues have been resolved through the latest update by introducing necessary modifications and corrections. Users are recommended to install the update to their system as a protection measure against possible exploit attempts.
CVE-2013-3129, CVE-2013-3131, CVE-2013-3132, CVE-2013-3133, CVE-2013-3134,CVE-2013-3171, CVE-2013-3178
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-052)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.