Microsoft .NET Framework EncoderParameters.ConvertToMemory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft .NET Framework 远程权限提升漏洞(CVE-2013-0004)

Bugtraq ID:57113 CVE ID: CVE-2013-0004 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统 Microsoft .NET Framework里存在的一个两次构建错误会导致不正确验证内存中某些对象的权限，攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用，诱使用户解析，可完全控制应用系统，执行任意代码 0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework...

Microsoft .NET Framework 远程权限提升漏洞(CVE-2013-0003)

Bugtraq ID:57114 CVE ID: CVE-2013-0003 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统 Microsoft .NET Framework System.DirectoryServices.Protocols S.DS.P命名空间方法没有正确校验内存中的对象大小，在拷贝这些对象到数组之前缺少正确的边界检查，可触发缓冲区溢出。攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用，诱使用户解析，可完全控制应用系统，执行任意代码 0 Microsoft .NET...

Microsoft .NET Framework 远程权限提升漏洞(CVE-2013-0002)

Bugtraq ID:57126 CVE ID: CVE-2013-0002 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统。 Microsoft .NET WinForms方法没有正确校验内存中的对象数量，在拷贝这些对象到数组之前缺少正确的边界检查，可触发缓冲区溢出。攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用，诱使用户解析，可完全控制应用系统，执行任意代码。 0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0...

Microsoft .NET Framework远程权限提升漏洞(MS13-004)

CVE ID: CVE-2013-0004 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统。 Microsoft .NET Framework里存在的一个两次构建错误会导致不正确验证内存中某些对象的权限，攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用，诱使用户解析，可完全控制应用系统，执行任意代码。 0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 3.5 Microsoft...

CVE-2013-0005

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

CVE-2013-0004

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application, aka...

CVE-2013-0003

Buffer overflow in a System.DirectoryServices.Protocols S.DS.P namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that...

CVE-2013-0002

Buffer overflow in the Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that leverag...

CVE-2013-0001

The Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

Buffer overflow

Buffer overflow in the Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that leverag...

Denial of service

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

Information disclosure

The Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

Design/Logic Flaw

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application, aka...

Buffer overflow

Buffer overflow in a System.DirectoryServices.Protocols S.DS.P namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that...

CVE-2013-0003

The CVE-2013-0003 entry details a buffer overflow in the System.DirectoryServices.Protocols (S.DS.P) namespace method of Microsoft .NET Framework (2.0 SP2 through 4.5). The root cause is a missing array-size boundary check during a memory-copy operation, enabling remote code execution via a craft...

CVE-2013-0004

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application, aka...

CVE-2013-0005

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

CVE-2013-0002

Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002) is triggered by improper counting of objects during a memory copy in Windows Forms, allowing remote code execution via a crafted XBAP or a crafted .NET application. Affected versions span 1.0 SP3 through 4.5. The root cause is a ra...

CVE-2013-0005

This CVE (CVE-2013-0005) affects Microsoft .NET Framework and the Management OData IIS Extension on Windows Server 2012. The vulnerability resides in the WCF Replace function of the Open Data (OData) protocol implementation, allowing remote attackers to cause a denial of service via crafted HTTP ...