Windows : Microsoft Bulletins : Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902939

Categoría: Windows : Microsoft Bulletins

Título: Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)

Resumen: This host is missing an important security update according to; Microsoft Bulletin MS13-004.

Descripción: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS13-004.

Vulnerability Insight:
- An error within the System Drawing namespace of Windows Forms when handling
pointers can be exploited to bypass CAS (Code Access Security) restrictions and disclose information.

- An error within WinForms when handling certain objects can be exploited to
cause a buffer overflow.

- A boundary error within the System.DirectoryServices.Protocols namespace
when handling objects can be exploited to cause a buffer overflow.

- A double construction error within the framework does not validate object
permissions and can be exploited via a specially crafted XAML Browser
Application (XBAP) or an untrusted .NET application.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute arbitrary code
with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

Affected Software/OS:
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, 4 and 4.5.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0001
Microsoft Security Bulletin: MS13-004
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15814
Common Vulnerability Exposure (CVE) ID: CVE-2013-0002
Cert/CC Advisory: TA13-008A
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343
Common Vulnerability Exposure (CVE) ID: CVE-2013-0003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16381
Common Vulnerability Exposure (CVE) ID: CVE-2013-0004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16339

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902939
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS13-004.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS13-004. Vulnerability Insight: - An error within the System Drawing namespace of Windows Forms when handling pointers can be exploited to bypass CAS (Code Access Security) restrictions and disclose information. - An error within WinForms when handling certain objects can be exploited to cause a buffer overflow. - A boundary error within the System.DirectoryServices.Protocols namespace when handling objects can be exploited to cause a buffer overflow. - A double construction error within the framework does not validate object permissions and can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application. Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Affected Software/OS: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, 4 and 4.5. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0001 Microsoft Security Bulletin: MS13-004 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15814 Common Vulnerability Exposure (CVE) ID: CVE-2013-0002 Cert/CC Advisory: TA13-008A http://www.us-cert.gov/cas/techalerts/TA13-008A.html https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343 Common Vulnerability Exposure (CVE) ID: CVE-2013-0003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16381 Common Vulnerability Exposure (CVE) ID: CVE-2013-0004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16339
Copyright	Copyright (C) 2013 Greenbone AG