

Vulnerability protection

.NET Framework and Silverlight vulnerabilities could allow remote code execution


Report ID: MS201307001
Date Published: 11 July 2013

Criticality: Critical
Compromise Type: remote-code-execution privilege-escalation
Compromise From: remote


Affected Product/Component:

Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft Silverlight 5
Microsoft Silverlight 5 Developer Runtime




Summary

Seven vulnerabilities were reported in Microsoft .NET Framework and Microsoft Silverlight. Four of them could lead to remote code execution, and the other three could lead to escalation of privileges.



Detailed Description

Microsoft has released a security update to address seven vulnerabilities reported in .NET Framework and Silverlight. Four of the vulnerabilities could allow an attacker to execute code and take control of an affected system upon successful exploitation. These vulnerabilities were caused by improper handling of TrueType Font (TTF) files and of multidimensional arrays of small structures, a null pointer dereference, and incorrect allocation of an array of small structures.

Three other vulnerabilities could each be exploited to allow the attacker to gain escalated privileges on the affected system. These vulnerabilities were caused by improper validation of permissions for objects performing reflection or objects involved with reflection, and when delegating objects during serialization.

All of these issues have been resolved in the latest update, which introduces the necessary modifications and corrections. Users are advised to install the update on their systems as a protective measure against possible exploit attempts.



CVE Reference

CVE-2013-3129, CVE-2013-3131, CVE-2013-3132, CVE-2013-3133, CVE-2013-3134, CVE-2013-3171, CVE-2013-3178



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-052



