Signature Detail

Short Name	HTTP:STC:DL:DOT-NET-INFO-DISC
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Microsoft .NET Framework WinForms Information Disclosure
Release Date	2013/02/04
Update Number	2230
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft .NET Framework WinForms Information Disclosure

This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework WinForms. A successful attack can lead to unauthorized information disclosure.

Extended Description

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."

Affected Products

microsoft .net_framework 1.0 (sp3)
microsoft .net_framework 1.1 (sp1)
microsoft .net_framework 2.0 (sp2)
microsoft .net_framework 3.5
microsoft .net_framework 3.5.1
microsoft .net_framework 4.0
microsoft .net_framework 4.5

References

BugTraq: 57124
CVE: CVE-2013-0001

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Microsoft .NET Framework WinForms Information Disclosure

Extended Description

Affected Products

References