Security Lab

Компрометация системы в Microsoft .NET Framework

Дата публикации:08.10.2013
Дата изменения:09.10.2013
Всего просмотров:2049
Опасность:
Высокая
Наличие исправления: Да
Количество уязвимостей:1
CVSSv2 рейтинг: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C)
CVE ID: CVE-2013-3128
Вектор эксплуатации: Удаленная
Воздействие: Компрометация системы
CWE ID: Нет данных
Наличие эксплоита: Нет данных
Уязвимые продукты: Microsoft .NET Framework 4.x
Microsoft .NET Framework 3.x
Уязвимые версии:
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5

Описание:
Уязвимость позволяет пользователю выполнить произвольный код на целевой системе.

Уязвимость существует из-за ошибки при обработке шрифтов OpenType, встроенных в браузерные приложения XAML. Удаленный пользователь может с помощью специально сформированного OTF-файла выполнить произвольный код на целевой системе.

URL производителя: http://www.microsoft.com/

Решение: Для устранения уязвимости установите исправление с сайта производителя.

Windows XP  
Windows XP Service Pack 3 Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows XP Service Pack 3 Microsoft .NET Framework 3.0 Service Pack 2
(2861189)
Windows XP Service Pack 3 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows XP Service Pack 3 Microsoft .NET Framework 4[1]
(2858302)
Windows XP Service Pack 3 Microsoft .NET Framework 4[1]
(2861188)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861189)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2003  
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861189)
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861189)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 4[1]
(2858302)
Windows Vista  
Windows Vista Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Vista Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861190)
Windows Vista Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Vista Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Vista Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Vista Service Pack 2 Microsoft .NET Framework 4.5
(2861193)
Windows Vista Service Pack 2 Microsoft .NET Framework 4.5
(2861208)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861190)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4.5
(2861193)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008  
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861190)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.5
(2861193)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861190)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.5
(2861193)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows 7  
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861191)
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861698)
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2863240)
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4[1]
(2858302)
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.5
(2861208)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861191)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861698)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2863240)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4[1]
(2858302)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008 R2  
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861191)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861698)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2863240)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861698)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2863240)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 4[1]
(2858302)
Windows 8  
Windows 8 for 32-bit Systems Microsoft .NET Framework 3.5
(2861194)
Windows 8 for 32-bit Systems Microsoft .NET Framework 3.5
(2861704)
Windows 8 for 32-bit Systems Microsoft .NET Framework 3.5
(2863243)
Windows 8 for 32-bit Systems Microsoft .NET Framework 4.5
(2861702)
Windows 8 for 64-bit Systems Microsoft .NET Framework 3.5
(2861194)
Windows 8 for 64-bit Systems Microsoft .NET Framework 3.5
(2861704)
Windows 8 for 64-bit Systems Microsoft .NET Framework 3.5
(2863243)
Windows 8 for 64-bit Systems Microsoft .NET Framework 4.5
(2861702)
Windows Server 2012  
Windows Server 2012 Microsoft .NET Framework 3.5
(2861194)
Windows Server 2012 Microsoft .NET Framework 3.5
(2861704)
Windows Server 2012 Microsoft .NET Framework 3.5
(2863243)
Windows Server 2012 Microsoft .NET Framework 4.5
(2861702)
Windows RT  
Windows RT Microsoft .NET Framework 4.5[2]
(2861702)
Server Core installation option  
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1
(2861698)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1
(2863240)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.5
(2861208)
Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5
(2861704)
Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5
(2863243)
Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.5
(2861702)
Ссылки: MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
Журнал изменений: a:2:{s:4:"TEXT";s:38:"09.10.2013 - незначительные изменения.";s:4:"TYPE";s:4:"html";}