Microsoft .NET Framework Privilege Elevation Vulnerability (2800277) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-015.

Impact

Successful exploitation could allow an attacker to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-015

Insight

The flaw is due to an error when handling permissions of a callback function when a certain WinForm object is created and can be exploited to bypass CAS (Code Access Security) restrictions via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

Affected

Microsoft .NET Framework 4 Microsoft .NET Framework 4.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 2.0 Service Pack 2

References

http://secunia.com/advisories/52143/
http://support.microsoft.com/kb/2800277
http://technet.microsoft.com/en-us/security/bulletin/ms13-015

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0073

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Cumulative Security Update for Internet Explorer (956390)
Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)

Take action and discover your vulnerabilities