Security Lab

Отказ в обслуживании в Microsoft .NET Framework

Дата публикации:08.10.2013
Дата изменения:09.10.2013
Всего просмотров:1503
Опасность:
Средняя
Наличие исправления: Да
Количество уязвимостей:2
CVSSv2 рейтинг: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
CVE ID: CVE-2013-3860
CVE-2013-3861
Вектор эксплуатации: Удаленная
Воздействие: Отказ в обслуживании
CWE ID: Нет данных
Наличие эксплоита: Нет данных
Уязвимые продукты: Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x
Уязвимые версии:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5

Описание:
Уязвимость позволяет пользователю выполнить произвольный код на целевой системе.

1. Уязвимость существует из-за ошибки при обработке XML-данных во время проверки цифровой XML-подписи. Удаленный пользователь может аварийно завершить работу приложения.

2. Уязвимость существует из-за ошибки при обработке JSON-данных (JavaScript Object Notation). Удаленный пользователь может с помощью специально сформированных JSON-данных (со специфической последовательностью символов) аварийно завершить работу приложения.

Примечание: Информация об уязвимости была доступна до выхода официального уведомления Microsoft.

URL производителя: http://www.microsoft.com/

Решение: Для устранения уязвимости установите исправление с сайта производителя.

Windows XP  
Windows XP Service Pack 3 Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows XP Service Pack 3 Microsoft .NET Framework 3.0 Service Pack 2
(2861189)
Windows XP Service Pack 3 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows XP Service Pack 3 Microsoft .NET Framework 4[1]
(2858302)
Windows XP Service Pack 3 Microsoft .NET Framework 4[1]
(2861188)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861189)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2003  
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861189)
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861189)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 2.0 Service Pack 2
(2863239)
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 4[1]
(2858302)
Windows Vista  
Windows Vista Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Vista Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861190)
Windows Vista Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Vista Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Vista Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Vista Service Pack 2 Microsoft .NET Framework 4.5
(2861193)
Windows Vista Service Pack 2 Microsoft .NET Framework 4.5
(2861208)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861190)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4.5
(2861193)
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008  
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861190)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.5
(2861193)
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
(2861190)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2861188)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.5
(2861193)
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
(2863253)
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
(2861697)
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 4[1]
(2858302)
Windows 7  
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861191)
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861698)
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2863240)
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4[1]
(2858302)
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.5
(2861208)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861191)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861698)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2863240)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4[1]
(2858302)
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008 R2  
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861191)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861698)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2863240)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5
(2861208)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2861698)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1
(2863240)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 4[1]
(2858302)
Windows 8  
Windows 8 for 32-bit Systems Microsoft .NET Framework 3.5
(2861194)
Windows 8 for 32-bit Systems Microsoft .NET Framework 3.5
(2861704)
Windows 8 for 32-bit Systems Microsoft .NET Framework 3.5
(2863243)
Windows 8 for 32-bit Systems Microsoft .NET Framework 4.5
(2861702)
Windows 8 for 64-bit Systems Microsoft .NET Framework 3.5
(2861194)
Windows 8 for 64-bit Systems Microsoft .NET Framework 3.5
(2861704)
Windows 8 for 64-bit Systems Microsoft .NET Framework 3.5
(2863243)
Windows 8 for 64-bit Systems Microsoft .NET Framework 4.5
(2861702)
Windows Server 2012  
Windows Server 2012 Microsoft .NET Framework 3.5
(2861194)
Windows Server 2012 Microsoft .NET Framework 3.5
(2861704)
Windows Server 2012 Microsoft .NET Framework 3.5
(2863243)
Windows Server 2012 Microsoft .NET Framework 4.5
(2861702)
Windows RT  
Windows RT Microsoft .NET Framework 4.5[2]
(2861702)
Server Core installation option  
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1
(2861698)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1
(2863240)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4[1]
(2858302)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.5
(2861208)
Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5
(2861704)
Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5
(2863243)
Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.5
(2861702)
Ссылки: MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
Журнал изменений: a:2:{s:4:"TEXT";s:38:"09.10.2013 - незначительные изменения.";s:4:"TYPE";s:4:"html";}