Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002)
| Check Point Reference: | CPAI-2013-1322 | |
| Date Published: | ||
| Severity: | ||
| Industry Reference(s): | CVE-2013-0002 |
|
| Protection Provided by: |
Security Gateway
|
|
|
Who is Vulnerable? Microsoft .NET Framework 1.0 Service Pack 3 Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4 Microsoft .NET Framework 4.5 |
||
| Vulnerability Description A buffer overflow vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to a race condition when handling the size of an array of objects prior to copying them into a global memory buffer.An attacker can remotely exploit this vulnerability by enticing a user to open a web page containing a specially crafted XBAP (XAML browser application). In addition, this vulnerability can also be exploited locally by a logged in user to escape Windows Code Access Security (CAS) Restrictions.Successful remote exploitation would allow arbitrary code execution in the context of the logged-in user. |
||
Protection Overview
This protection will detect and block attempts to open a specially crafted web page.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.