Detections
Analytics
MS13-004: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
high Nessus Plugin ID 63422
Language:
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.Description
The remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities :- An information disclosure vulnerability exists in the way the Windows Forms in .NET Framework handle pointers to unmanaged memory locations. (CVE-2013-0001)
- A buffer overflow vulnerability in a Windows Form method in the .NET Framework exists that could be exploited to gain elevated privileges. (CVE-2013-0002)
- A method in the S.DS.P namespace of the .NET Framework is affected by a buffer overflow vulnerability which could be exploited to gain elevated privileges.
(CVE-2013-0003)
- The way the .NET Framework validates permissions of certain objects in memory has a flaw that could be exploited to gain elevated privileges. (CVE-2013-0004).
Solution
Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.See Also
https://www.zerodayinitiative.com/advisories/ZDI-13-004/
https://www.zerodayinitiative.com/advisories/ZDI-13-005/
Plugin Details
Severity: High
ID: 63422
File Name: smb_nt_ms13-004.nasl
Version: 1.12
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 1/9/2013
Updated: 5/15/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:.net_framework
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 1/8/2013
Vulnerability Publication Date: 1/8/2013
Reference Information
CVE: CVE-2013-0001, CVE-2013-0002, CVE-2013-0003, CVE-2013-0004