TITLE: Microsoft .NET Framework Multiple Vulnerabilities Criticality level: Highly critical Impact: DoS, System access Where: From remote Software: Microsoft .NET Framework 3.x Microsoft .NET Framework 4.x SECUNIA ADVISORY ID: http://secunia.com/advisories/49119/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system. 1) An error when allocating certain buffers can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application. Successful exploitation of this vulnerability allows execution of arbitrary code. 2) An error when comparing the value of an index within a WPF application can be exploited to cause an application to stop responding via specially crafted requests. 3) An error exists when parsing TrueType fonts. For more information: http://secunia.com/SA46724/ SOLUTION: Apply patches. ORIGINAL ADVISORY: MS12-034 (KB2681578, KB2656407, KB2656409, KB2656410, KB2656411, KB2656405): http://technet.microsoft.com/en-us/security/bulletin/ms12-034 ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-