Microsoft .NET Framework Multiple Vulnerabilities

Last Update Date: 15 May 2013 14:25 Release Date: 15 May 2013 3328 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

  1. XML Digital Signature Spoofing Vulnerability

    A spoofing vulnerability exists when the Microsoft .NET Framework fails to properly validate the signature of a specially crafted XML file. An attacker who successfully exploited this vulnerability could modify the contents of an XML file without invalidating the signature associated with the file.

     

  2. Authentication Bypass Vulnerability

    A security feature bypass vulnerability exists in the way that the Microsoft .NET Framework improperly creates policy requirements for authentication when setting up custom WCF endpoint authentication. An attacker who successfully exploited this vulnerability would have access to the endpoint functions as if they were authenticated, allowing an attacker to steal information or take any actions in the context of an authenticated user.

Impact

  • Spoofing

System / Technologies affected

  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4
  • Microsoft .NET Framework 4.5
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows Server 2012
  • Windows RT

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows HTTP.sys Denial of Service Vulnerability

15 May 2013 3381 Views

Next

Microsoft Lync Remote Code Execution Vulnerability

15 May 2013 3324 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY