Summary
This host is missing an important security update according to Microsoft Bulletin MS13-004.
Impact
Successful exploitation will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory at http://technet.microsoft.com/en-us/security/bulletin/ms13-004
Insight
- An error within the System Drawing namespace of Windows Forms when handling pointers can be exploited to bypass CAS (Code Access Security) restrictions and disclose information.
- An error within WinForms when handling certain objects can be exploited to cause a buffer overflow.
- A boundary error within the System.DirectoryServices.Protocols namespace when handling objects can be exploited to cause a buffer overflow.
- A double construction error within the framework does not validate object permissions and can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.
Affected
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, 4 and 4.5
References
- http://secunia.com/advisories/51777/
- http://support.microsoft.com/kb/2742595
- http://support.microsoft.com/kb/2742596
- http://support.microsoft.com/kb/2742597
- http://support.microsoft.com/kb/2742598
- http://support.microsoft.com/kb/2742599
- http://support.microsoft.com/kb/2742601
- http://support.microsoft.com/kb/2742604
- http://support.microsoft.com/kb/2742607
- http://support.microsoft.com/kb/2742613
- http://support.microsoft.com/kb/2756918
- http://support.microsoft.com/kb/2756919
- http://support.microsoft.com/kb/2756920
- http://support.microsoft.com/kb/2756921
- http://support.microsoft.com/kb/2769324
- http://technet.microsoft.com/en-us/security/bulletin/ms13-004
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2013-0001, CVE-2013-0002, CVE-2013-0003, CVE-2013-0004
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
- Consent User Interface Privilege Escalation Vulnerability (2442962)
- Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
- IE 5.01 5.5 6.0 Cumulative patch (890923)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)