Design/Logic Flaw

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service application crash or hang via a crafted signed XML document, aka "Entity Expansion Vulnerability."...

Design/Logic Flaw

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitra...

CVE-2013-3860

CVE-2013-3860 affects Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5. The issue arises when parsing a DTD during XML digital-signature validation, enabling a remote attacker to cause a denial of service (application crash or hang) via a crafted signed XML document (Entity Expan...

CVE-2013-3860

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service application crash or hang via a crafted signed XML document, aka "Entity Expansion Vulnerability."...

CVE-2013-3861

CVE-2013-3861 describes a denial-of-service vulnerability in Microsoft .NET Framework when parsing JSON data. A remote attacker could cause an application crash or hang by sending crafted JSON payloads. Affected products include .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5. The vulnera...

CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitra...

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service application crash or hang via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."...

CVE-2013-3128

CVE-2013-3128 describes a vulnerability in OpenType font parsing that affects kernel-mode drivers across multiple Windows editions (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8, Server 2012, Windows RT) and certain .NET Framework versions. The issue arises in how Ope...

Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)

This host is missing an critical security update according to Microsoft Bulletin MS13-082. OpenVAS Vulnerability Test $Id: secpodms13-082.nasl 6115 2017-05-12 09:03:25Z teissa $ Microsoft .NET Framework Remote Code Execution Vulnerabilities 2878890 Authors: Antu Sanadi Copyright: Copyright c 2013...

Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)

This host is missing a critical security update according to Microsoft Bulletin MS13-082. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)

The version of the .NET Framework installed on the remote host is reportedly affected by the following vulnerabilities : - A vulnerability exists in the way that affected components handle specially crafted OpenType fonts OTF that could lead to remote code execution. An attacker could leverage th...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2863243)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Microsoft Windows OpenType Font Parsing CVE-2013-3128 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in kernel-mode. Failed attempts will cause a denial-of-service condition. Technologies Affected Avaya Aura Conferencing Standard Avaya CallPilot Avay...

Microsoft .NET Framework CVE-2013-3860 Remote Denial of Service Vulnerability

Description Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application to crash or become unresponsive, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing Standard Avaya CallPilot Avaya...

Microsoft .NET Framework OpenType Font Parsing Remote Code Execution (MS13-082; CVE-2013-3128)

A remote code execution vulnerability has been reported in Microsoft .Net Framework...

Microsoft .NET Framework Entity Expansion Denial of Service (MS13-082; CVE-2013-3860)

A denial of service vulnerability exists in the .NET Framework...

Microsoft Releases October 2013 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, and Silverlight as part of the Microsoft Security Bulletin Summary for October 2013. These vulnerabilities could allow remote code execution or information...

MS13-082: Vulnerabilities in the .NET Framework could allow remote code execution: October 8, 2013

Resolves vulnerabilities in the Microsoft .NET Framework that could allow remote code execution or denial of service.View products that this article applies to.IntroductionThis update resolves vulnerabilities in the Microsoft .NET Framework that could allow remote code execution or denial of...

The October 2013 security updates

This month we release eight bulletins – four Critical and four Important - which address 25 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080,...

Microsoft Readies Eight Patches, IE Zero Day Fix

Microsoft has announced that it plans to release eight patches next week as part of its October Patch Tuesday release, addressing flaws in its Windows, the .NET Framework, Office, Server, Silverlight and most importantly its Internet Explorer browser. Four of the patches are marked critical,...