Microsoft .NET Framework vulnerabilities could lead to remote code execution
Report ID: MS201310003
Date Published: 9 October 2013
Compromise Type: remote-code-execution denial-of-service
Compromise From: remote
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Three vulnerabilities were reported found in Microsoft .NET Framework, one of which could lead to remote code execution and two others could lead to denial of service.
All of the issues have been fixed by ensuring proper handling of OpenType font, proper validation of XML digital signatures, and proper handling of JSON data encodings. Users are recommended to install the update to their system as a protection measure against possible exploit attempts.
CVE-2013-3128, CVE-2013-3860, CVE-2013-3861
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-082)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.