CVE-2013-3860

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5

Description The issue is related to the improper parsing of a DTD during XML digital-signature validation, which can be exploited by remote attackers to cause a denial of service. This can result in an application crash or hang via a crafted signed XML document.

Recommendations For Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5, update to a version that properly handles DTD parsing during XML digital-signature validation to prevent denial of service attacks.