CVE-2013-0003

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2 through 4.5

Description A buffer overflow issue exists in the System.DirectoryServices.Protocols namespace method, allowing remote attackers to execute arbitrary code via a crafted XAML browser application or a crafted .NET Framework application. This occurs due to a missing array-size check during a memory copy operation. The vulnerability can be exploited to gain elevation of privilege, enabling an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft .NET Framework versions 2.0 SP2 through 4.5, consider disabling the vulnerable System.DirectoryServices.Protocols namespace method until a patch is available. Restrict access to the affected .NET Framework applications to minimize the risk of exploitation. Avoid using crafted XAML browser applications or .NET Framework applications that leverage the missing array-size check during a memory copy operation until the issue is resolved.