[PCWorks] Microsoft .NET Framework Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Tue, 8 Jan 2013 22:52:30 -0600

TITLE:
Microsoft .NET Framework Multiple Vulnerabilities

Criticality level:  Highly critical
Impact:  Security Bypass, System access
Where:  From remote

Software:
 Microsoft .NET Framework 1.x
 Microsoft .NET Framework 2.x
 Microsoft .NET Framework 3.x
 Microsoft .NET Framework 4.x

SECUNIA ADVISORY ID:
http://secunia.com/advisories/51777/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft .NET
Framework, which can be exploited by malicious people to bypass
certain security restrictions and compromise a user's system.

1) An error within the System Drawing namespace of Windows 
Forms when
handling pointers can be exploited to bypass CAS (Code Access
Security) restrictions and disclose information via a specially
crafted XAML Browser Application (XBAP) or an untrusted .NET
application.

2) An error within WinForms when handling certain objects can 
be
exploited to cause a buffer overflow via a specially crafted 
XAML
Browser Application (XBAP) or an untrusted .NET application.

3) A boundary error within the 
System.DirectoryServices.Protocols
namespace when handling objects can be exploited to cause a 
buffer
overflow via a specially crafted XAML Browser Application 
(XBAP) or
an untrusted .NET application.

4) A double construction error within the framework does not 
validate
object permissions and can be exploited via a specially crafted 
XAML
Browser Application (XBAP) or an untrusted .NET application.

Successful exploitation of vulnerabilities #2 - #4 allows 
execution
of arbitrary code.

SOLUTION:
Apply updates.

ORIGINAL ADVISORY:
MS13-004 (KB2769324, KB2742607, KB2742597, KB2742596, 
KB2742595,
KB2756918, KB2742604, KB2742601, KB2742613, KB2756919, 
KB2742599,
KB2756921, KB2742598, KB2756920, KB2742616, KB2756923, 
KB2742614):
http://technet.microsoft.com/en-us/security/bulletin/ms13-004


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Microsoft .NET Framework Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Microsoft .NET Framework Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Microsoft .NET Framework Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Microsoft .NET Framework Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 01-2013

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---