Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft .NET Framework vulnerabilities could lead to remote code execution


Report ID: MS201310003
Date Published: 9 October 2013

Criticality: Critical
Compromise Type: remote-code-execution denial-of-service
Compromise From: remote


Affected Product/Component:

Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5




Summary

Three vulnerabilities were reported found in Microsoft .NET Framework, one of which could lead to remote code execution and two others could lead to denial of service. 



Detailed Description

Microsoft has released a security update to address three reported vulnerabilities in the .NET Framework, one of which could lead to remote code execution and two others could lead to denial of service. The vulnerabilities arise when .NET Framework attempts to parse an OpenType font embedded in an XAML Browser Application (XBAP), to parse a document type definition (DTD) for XML, or to parse JavaScript Object Notation (JSON) data.  

All of the issues have been fixed by ensuring proper handling of OpenType font, proper validation of XML digital signatures, and proper handling of JSON data encodings. Users are recommended to install the update to their system as a protection measure against possible exploit attempts.



CVE Reference

CVE-2013-3128, CVE-2013-3860, CVE-2013-3861



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-082)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.