Double Construction Vulnerability in Microsoft .NET Framework

Double Construction Vulnerability in Microsoft .NET Framework

CVE-2013-0004 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."

Learn more about our Web Application Penetration Testing UK.