Microsoft .NET Framework Privilege Elevation Vulnerability (2800277) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-015.

Impact

Successful exploitation could allow an attacker to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-015

Insight

The flaw is due to an error when handling permissions of a callback function when a certain WinForm object is created and can be exploited to bypass CAS (Code Access Security) restrictions via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

Affected

Microsoft .NET Framework 4 Microsoft .NET Framework 4.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 2.0 Service Pack 2

References

http://secunia.com/advisories/52143/
http://support.microsoft.com/kb/2800277
http://technet.microsoft.com/en-us/security/bulletin/ms13-015

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0073

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)
Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)
Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)

Take action and discover your vulnerabilities