Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow (CVE-2013-0003)
| Check Point Reference: | CPAI-2013-1321 | |
| Date Published: | ||
| Severity: | ||
| Industry Reference(s): | CVE-2013-0003 |
|
| Protection Provided by: |
Security Gateway
|
|
|
Who is Vulnerable? Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4 Microsoft .NET Framework 4.5 |
||
| Vulnerability Description A buffer overflow exists in the System.DirectoryServices.Protocols (S.DS.P) namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array.An attacker can remotely exploit this vulnerability by enticing a user to open a web page containing a specially crafted XBAP (XAML browser application). In addition, this vulnerability can also be exploited locally by a logged in user to escape Windows Code Access Security (CAS) Restrictions.Successful remote exploitation would allow arbitrary code execution in the context of the logged-in user. |
||
Protection Overview
This protection will detect and block attempts to open a specially crafted web page.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.