New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.4
SynopsisThe .NET Framework install on the remote Windows host could allow arbitrary code execution.
DescriptionThe version of the .NET Framework installed on the remote host is reportedly affected by the following vulnerabilities :
- A vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF) that could lead to remote code execution. An attacker could leverage this issue by enticing a user to visit a web page containing a specially crafted OTF font file. (CVE-2013-3128)
- The .NET Framework is affected by a denial of service vulnerability when parsing a specially crafted document type definition (DTD) for XML data. (CVE-2013-3860)
SolutionMicrosoft has released a set of patches for .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.0, and 4.5.