MS13-015: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)

critical Nessus Plugin ID 64576

Synopsis

The version of the .NET Framework installed on the remote host is affected by a privilege escalation vulnerability.

Description

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to a flaw in the way .NET elevates the permissions of a callback function when a particular Windows Forms object is created.

Solution

Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.

See Also

https://www.nessus.org/u?bf9aafbd

Plugin Details

Severity: Critical

ID: 64576

File Name: smb_nt_ms13-015.nasl

Version: 1.13

Type: local

Agent: windows

Published: 2/12/2013

Updated: 5/15/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-0073

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 2/12/2013

Vulnerability Publication Date: 2/12/2013

Reference Information

CVE: CVE-2013-0073

BID: 57847

IAVA: 2013-A-0040-S

MSFT: MS13-015

MSKB: 2789642, 2789643, 2789644, 2789645, 2789646, 2789648, 2789649, 2789650