CVE-2013-3134

CVE-2013-3134 is a remote code execution vulnerability in the Common Language Runtime (CLR) of Microsoft .NET Framework on 64-bit platforms. The issue arises from how the CLR allocates arrays of structures, permitting an attacker to craft a .NET application that alters array data to execute arbit...

CVE-2013-3129

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...

CVE-2013-3131

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via 1 a crafted .NET Framework application or 2 a crafted...

Microsoft .NET Framework Multiple Vulnerabilities (2861561)

This host is missing an important security update according to Microsoft Bulletin MS13-052. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft .NET Framework CVE-2013-3171 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya...

Microsoft .NET Framework CVE-2013-3133 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya...

Microsoft .NET Framework CVE-2013-3134 Remote Code Execution Vulnerability

Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Technologies Affected...

Microsoft .NET Framework CVE-2013-3132 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya...

Microsoft Windows TrueType Font CVE-2013-3129 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in kernel-mode. Failed attempts will cause a denial-of-service condition. The attacker can also exploit this issue through Microsoft Silverlight,...

CVE-2013-1336

The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature...

Spoofing

The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature...

CVE-2013-1336

The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature...

Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)

This host is missing an important security update according to Microsoft Bulletin MS13-040. OpenVAS Vulnerability Test $Id: secpodms13-040.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities 2836440 Authors: Thanga Prakash S Copyright:...

Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)

This host is missing an important security update according to Microsoft Bulletin MS13-040. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft .NET Framework CVE-2013-1337 Authentication Bypass Vulnerability

Description Microsoft .NET Framework is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to the application. This allows attackers to obtain sensitive information and perform unauthorized actio...

Microsoft .NET Framework XML Digital Signature CVE-2013-1336 Security Bypass Vulnerability

Description Microsoft .NET Framework is prone to a security-bypass vulnerability because it fails to properly validate the signature of a specially crafted XML file. Attackers can exploit this issue to bypass XML digital signature validation and spoof XML content by conducting man-in-the-middle...

Microsoft .NET XML Digital Signature Spoofing (MS13-040; CVE-2013-1336)

A spoofing vulnerability has been reported when the Microsoft .NET Framework fails to properly validate the signature of specially crafted XML files. Successful exploitation would allow an attacker to modify the contents of an XML file without invalidating the signature associated with the file...

Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002)

A buffer overflow vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to a race condition when handling the size of an array of objects prior to copying them into a global memory buffer.An attacker can remotely exploit this vulnerability by enticing a user to...

Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow (CVE-2013-0003)

A buffer overflow exists in the System.DirectoryServices.Protocols S.DS.P namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array.An attacker can remotely exploit this vulnerability by...

Microsoft .NET Framework WinForms Information Disclosure (CVE-2013-0001)

A remote code execution vulnerability has been reported in the Microsoft .NET Framework. The vulnerability is due to the way WinForms handles pointers to unmanaged memory locations.A remote, unauthenticated attacker can exploit this vulnerability by either enticing a user to visit a maliciously...