CVE-2013-3171

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2 through 4.5

Description The issue concerns the serialization functionality in Microsoft .NET Framework, which does not properly check the permissions of delegate objects. This allows remote attackers to execute arbitrary code via a crafted XAML browser application (XBAP) or a crafted .NET Framework application that leverages a partial-trust relationship. An elevation of privilege vulnerability exists in the way that the .NET Framework validates permissions for delegate objects during serialization.

Recommendations For Microsoft .NET Framework versions 2.0 SP2 through 4.5, consider restricting the use of serialization functionality until a patch is available. As a temporary workaround, avoid using delegate objects in serialization processes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.