| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS13-082 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890) | Microsoft .NET | Critical | 09-10-2013 |
Technical Information
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF). The vulnerability could allow remote code execution if a user visits a website hosting an XAML Browser Application (XBAP) containing a specially crafted OTF file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Further information on this exploit is available at : MS13-082
Affected Software
Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 4