Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerabilities

Last Update Date: 10 Jul 2013 15:14 Release Date: 10 Jul 2013 3912 Views

RISK: High Risk

TYPE: Clients - Productivity Products

TrueType Font Parsing Vulnerability
A remote code execution vulnerability exists in the way that affected components handle specially crafted TrueType font files. The vulnerability could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Array Access Violation Vulnerability
A remote code execution vulnerability exists in the way the .NET Framework handles multidimensional arrays of small structures.
Delegate Reflection Bypass Vulnerability
An elevation of privilege vulnerability exists in the way that .NET Framework validates the permissions of certain objects performing reflection. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Anonymous Method Injection Vulnerability
An elevation of privilege vulnerability exists in the way that the .NET Framework validates permissions for objects involved with reflection.
Array Allocation Vulnerability
A remote code execution vulnerability exists in the way that Microsoft .NET Framework allocates arrays of small structures.
Delegate Serialization Vulnerability
An elevation of privilege vulnerability exists in the way that the .NET Framework validates permissions for delegate objects during serialization.
Null Pointer Vulnerability
A remote code execution vulnerability exists in the way Microsoft Silverlight handles a null pointer.