1392 matches found
Privilege escalation
The Windows Forms aka WinForms component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 ...
CVE-2013-0073
The Windows Forms aka WinForms component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 ...
Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
This host is missing an important security update according to Microsoft Bulletin MS13-015. OpenVAS Vulnerability Test $Id: secpodms13-015.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Privilege Elevation Vulnerability 2800277 Authors: Antu Sanadi Copyright: Copyright c 2013 SecPo...
Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
This host is missing an important security update according to Microsoft Bulletin MS13-015. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft .NET Framework CVE-2013-0073 Remote Privilege Escalation Vulnerability
Description The Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. Successful exploits may allow an attacker to execute arbitrary code with elevated privileges; this may result in the attacker gaining complete control of the affected system. Technologies Affected...
MS13-015: Vulnerability in the .NET Framework could allow elevation of privilege: February 12, 2013
Resolves a vulnerability in the Microsoft .NET Framework that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run XAML Browser Applications XBAPs.IntroductionMicrosoft has released security bulletin MS13-015. You can...
MS13-015: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to a flaw in the way .NET elevates the permissions of a callback function when a particular Windows Forms object is created. C Tenable Network Security, Inc...
Microsoft .NET Framework System.DirectoryServices.Protocols Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft .NET Framework EncoderParameters.ConvertToMemory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft .NET Framework 远程权限提升漏洞(CVE-2013-0004)
Bugtraq ID:57113 CVE ID: CVE-2013-0004 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统 Microsoft .NET Framework里存在的一个两次构建错误会导致不正确验证内存中某些对象的权限,攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用,诱使用户解析,可完全控制应用系统,执行任意代码 0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework...
Microsoft .NET Framework 远程权限提升漏洞(CVE-2013-0003)
Bugtraq ID:57114 CVE ID: CVE-2013-0003 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统 Microsoft .NET Framework System.DirectoryServices.Protocols S.DS.P命名空间方法没有正确校验内存中的对象大小,在拷贝这些对象到数组之前缺少正确的边界检查,可触发缓冲区溢出。攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用,诱使用户解析,可完全控制应用系统,执行任意代码 0 Microsoft .NET...
CVE-2013-0004
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application, aka...
CVE-2013-0003
Buffer overflow in a System.DirectoryServices.Protocols S.DS.P namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that...
CVE-2013-0005
The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...
CVE-2013-0002
Buffer overflow in the Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that leverag...
CVE-2013-0001
The Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...
Buffer overflow
Buffer overflow in the Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that leverag...
Buffer overflow
Buffer overflow in a System.DirectoryServices.Protocols S.DS.P namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that...
Denial of service
The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...
Information disclosure
The Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...