|MS13-082||Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)||Microsoft .NET||Critical||09-10-2013|
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF). The vulnerability could allow remote code execution if a user visits a website hosting an XAML Browser Application (XBAP) containing a specially crafted OTF file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Further information on this exploit is available at : MS13-082
Affected SoftwareMicrosoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 4