Microsoft .NET Framework Remote Code Execution Vulnerabilities
Last Update Date:
9 Oct 2013 18:58
Release Date:
9 Oct 2013
3245
Views
RISK: High Risk
TYPE: Operating Systems - Windows OS
- OpenType Font Parsing Vulnerability
A remote code execution vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF). The vulnerability could allow remote code execution if a user visits a website hosting an XAML Browser Application (XBAP) containing a specially crafted OTF file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. - Entity Expansion Vulnerability
A denial of service vulnerability exists in the .NET Framework that could allow an attacker to cause a server or application to crash or become unresponsive. - JSON Parsing Vulnerability
A denial of service vulnerability exists in the .NET Framework that could allow an attacker to cause a server or application to crash or become unresponsive.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8
- Windows Server 2012
- Windows RT
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/MS13-082
Vulnerability Identifier
Source
Related Link
Share with