<< Back
CVE Number Vulnerability Product Severity Date
MS13-082 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890) Microsoft .NET Critical 09-10-2013

Technical Information

Brief overview of the risk:
This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF). The vulnerability could allow remote code execution if a user visits a website hosting an XAML Browser Application (XBAP) containing a specially crafted OTF file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.


Further information on this exploit is available at : MS13-082

Affected Software

Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 4