Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0004

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2013-0004
Last Modified 02 Nov 2013 11:29:19
Published 09 Jan 2013 01:09:40
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0004

Summary

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."

Vulnerable Systems

Application

  • Microsoft .net Framework 1.0

  • Microsoft .net Framework 1.1

  • Microsoft .net Framework 2.0

  • Microsoft .net Framework 3.5

  • Microsoft .net Framework 3.5.1

  • Microsoft .net Framework 4.0

  • Microsoft .net Framework 4.5


References

MS - MS13-004

CERT - TA13-008A

Related Patches

MS13-004 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Win 2008 x86 (KB2742597)

MS13-004 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Windows Vista, and Win 2008 x86 (KB2742613)

MS13-004 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Win 2008 SP2 x86 (KB2742601)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2742598)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2756920)

MS13-004 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Win 2008, Win 2008 R2 for x64 (KB2742613)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Win7 and 2008 R2 SP1 x64 (KB2742599)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 x64 (KB2756920)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 x64 (KB2742598)

MS13-004 Security Update for Microsoft .NET Framework 1.1 SP1 on Win 2003 and Win 2003 R2 x86 (KB2742604)

MS13-004 Security Update for Microsoft .NET Framework 2.0 SP2 on 2003 and XP x64 (KB2742596)

MS13-004 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Win 2008 SP2 for x64 (KB2742601)

MS13-004 Security Update for Microsoft .NET Framework 3.0 SP2 on Vista SP2 and 2008 SP2 x64 (KB2756919)

MS13-004 Security Update for .NET 4 on XP, Server 2003, Vista, Win 7, Server 2008, Server 2008 R2 for x64 (KB2742595)


Last Updated: 27 May 2016 11:01:56