<< Back
CVE Number Vulnerability Product Severity Date
MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) Microsoft .NET Important 15-05-2013

Technical Information

Brief overview of the risk:
The more severe of the vulnerabilities could allow spoofing if a .NET application receives a specially crafted XML file. An attacker who successfully exploited the vulnerabilities could modify the contents of an XML file without invalidating the file’s signature and could gain access to endpoint functions as if they were an authenticated user.
Detailed Information on the risk:

A spoofing vulnerability exists when the Microsoft .NET Framework fails to properly validate the signature of a specially crafted XML file. An attacker who successfully exploited this vulnerability could modify the contents of an XML file without invalidating the signature associated with the file.


Further information on this exploit is available at : MS13-040

Affected Software

Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5
Microsoft .NET Framework 3.5.1