Signature Detail
Short Name |
HTTP:STC:DOTNET-WINFORMS-RCE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft .NET Framework WinForms Remote Code Execution |
Release Date |
2013/02/17 |
Update Number |
2234 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft .NET Framework WinForms Remote Code Execution
This signature detects attempts to exploit a known vulnerability in Microsoft .NET Framework Windows Form. A successful attack can lead to arbitrary code execution.
Extended Description
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
Affected Products
- microsoft .net_framework 1.0 (sp3)
- microsoft .net_framework 1.1 (sp1)
- microsoft .net_framework 2.0 (sp2)
- microsoft .net_framework 3.5
- microsoft .net_framework 3.5.1
- microsoft .net_framework 4.0
- microsoft .net_framework 4.5
References
- BugTraq: 57126
- CVE: CVE-2013-0002