Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

ITS Advisory Number: 
2013-064
Date(s) Issued: 
Tuesday, July 9, 2013
Subject: 
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
Overview: 

Multiple vulnerabilities have been discovered in Microsoft's .NET Framework and Silverlight that could allow for remote code execution. Microsoft .NET is a software framework for applications designed to run under Microsoft Windows. Microsoft Silverlight is a web application framework that provides support for .NET applications and is used for streaming media.

Successful exploitation of these vulnerabilities could result in an attacker taking complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Systems Affected: 
  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 3.0
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 4.0
  • Microsoft .NET Framework 4.5
  • Microsoft Silverlight 5
  • Microsoft Silverlight Developer Runtime
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Seven vulnerabilities have been discovered in Microsoft .NET Framework and Microsoft Silverlight. These vulnerabilities include:

Successful exploitation of these vulnerabilities could result in an attacker taking complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Actions: 
  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
References: 
Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms13-052
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3178