PT-2013-4162 · Microsoft · Silverlight+1
Alon Fliess
·
Published
2013-07-09
·
Updated
2018-10-12
·
CVE-2013-3131
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, and 4.5
Silverlight 5 before 5.1.20513.0
Description
A remote code execution issue exists in the way the .NET Framework handles multidimensional arrays of small structures. This allows remote attackers to execute arbitrary code via a crafted .NET Framework application or a crafted Silverlight application.
Recommendations
For Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, update to a version that includes the fix for this issue.
For Silverlight 5, update to version 5.1.20513.0 or later.
As a temporary workaround, consider restricting the execution of crafted .NET Framework and Silverlight applications to minimize the risk of exploitation.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
.Net Framework
Silverlight