MS13-015: Vulnerability in the .NET Framework could allow elevation of privilege: February 12, 2013

<html><body><p>Resolves a vulnerability in the Microsoft .NET Framework that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run XAML Browser Applications (XBAPs).</p><h2>Introduction</h2><div>Microsoft has released security bulletin MS13-015. You can view the complete security bulletin by going to one of the following Microsoft websites: <ul><li>Home users:<br /><a href=“http://www.microsoft.com/security/pc-security/bulletins/201302.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/bulletins/201302.aspx</a></li><li>IT professionals:<br /><a href=“http://technet.microsoft.com/security/bulletin/ms13-015” target=“_self”>http://technet.microsoft.com/security/bulletin/MS13-015</a></li></ul></div><h2></h2><div><h3>How to obtain help and support for this security update</h3>Help installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your Windows-based computer from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a></div><h2>More Information</h2><div><h4>More information about this update</h4>The following Microsoft Knowledge Base articles contain more information about this update as it relates to individual product versions. The articles may contain information that is specific to the individual updates, such as download URLs, prerequisites, and command-line switches.<br /><br /><h5>The Microsoft .NET Framework 4.5</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2789649”>2789649 </a> MS13-015: Description of the security update for the .NET Framework 4.5 on Windows 8 and Windows Server 2012: February 12, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2789648”>2789648 </a> MS13-015: Description of the security update for the .NET Framework 4.5 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2: February 12, 2013</li></ul><h5>The Microsoft .NET Framework 4</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2789642”>2789642 </a> MS13-015: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: February 12, 2013</li></ul><h5>The Microsoft .NET Framework 3.5.1</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2789644”>2789644 </a> MS13-015: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: February 12, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2789645”>2789645 </a> MS13-015: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: February 12, 2013</li></ul><h5>The Microsoft .NET Framework 3.5</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2789650”>2789650 </a> MS13-015: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: February 12, 2013</li></ul><h5>The Microsoft .NET Framework 2.0</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2789646”>2789646 </a> MS13-015: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: February 12, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2789643”>2789643 </a> MS13-015: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003: February 12, 2013</li></ul></div><h2></h2><div><h4>Update replacement information</h4>Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.</div><h2></h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>NDP20SP2-KB2789643-IA64.exe</td><td>2DEC8694A4DF6760215AC9AB49DD90E6A6E36B4C</td><td>7E5BD907D45DBA21551BC860EF7F4BC2C5D153FC848F6B0A1E419C87BF18386E</td></tr><tr><td>NDP20SP2-KB2789643-x64.exe</td><td>D896D551E623EBC82370BE7C82687C2D60DF4F94</td><td>4C803150739978001F9D04F54DF4B59E1AE611829D046C26C93FB844563B9532</td></tr><tr><td>NDP20SP2-KB2789643-x86.exe</td><td>252AF3B6F715B2446FAC3B169B1AA9711BCE6BFD</td><td>67E1373790431DE63A410380C7E7C8D76EA037F343C9CE115D8EE887A591E404</td></tr><tr><td>NDP40-KB2789642-IA64.exe</td><td>301743894B1DAACD43C520669B08467ABC787949</td><td>BF3E6A7F96B25C0BB8370EFAE41571CB4F28E56FE69BEB1FB5F19CD35C0F9521</td></tr><tr><td>NDP40-KB2789642-x64.exe</td><td>EA048475842CD169FD371AB3AE75D386DDFCBA83</td><td>9594FDD40A3D4107C5B803473BC39F0A31D0F872C5B4DC7A3B7DC77A251733A2</td></tr><tr><td>NDP40-KB2789642-x86.exe</td><td>3A1D5C9A88C876B3F5A066B8A0AA34334B3A97D0</td><td>C819F9BB5C8F7F7566C7C477B7FCE85E877368226B90ACDFC9D2EAE6FAF71900</td></tr><tr><td>NDP45-KB2789648-x64.exe</td><td>3C9EC5BE0B45ABFC4BA02BC833F30878231584C1</td><td>55647149DDFC836B25345FCBA2FBEB30A1066FFAFB75E7AA8EC89A9E779F4F91</td></tr><tr><td>NDP45-KB2789648-x86.exe</td><td>00DFDB242D7A75A806FA729EC15BA752B47AADF9</td><td>96B2FB3C7E719F8D1DFB3362835495BCECAD57819BF0374C1486D656B5D76577</td></tr><tr><td>Windows6.0-KB2789646-ia64.msu</td><td>A34049F8883E7D3164FC0E17A8F1C8A2A07C5480</td><td>28FDE8005E2C5420E5E502975365755C50F2D44CCE826CBF2D42D78413BB254A</td></tr><tr><td>Windows6.0-KB2789646-x64.msu</td><td>EBF043D42834A8D56F9E146078819FACB08BBA88</td><td>3E0A25A7BFEF82CF9D4E0371BC84B259DC61FAA871FA0AEEBC18209D13753155</td></tr><tr><td>Windows6.0-KB2789646-x86.msu</td><td>920581CE1545A4F04FF58869EA556955252AE911</td><td>92CCD45832E75988A13A96EAF011796DAC20F6990FAA6A534C1ADD865B18096B</td></tr><tr><td>Windows6.1-KB2789644-ia64.msu</td><td>2D5206EC362A0624086575CE40FD08DD23C9DF25</td><td>D5809C632112CB660037BD5573820EE826FA66C4B5973152D1DE6B9C5777857B</td></tr><tr><td>Windows6.1-KB2789644-x64.msu</td><td>85D6CF36461548008889A5D0D2770125298A285B</td><td>4EC0CB8686F5A6BAC2A914AC6C2BBA9C6EEC45CBCB57828683BDB144E5E2D324</td></tr><tr><td>Windows6.1-KB2789644-x86.msu</td><td>6024BC74C7E736960A8D42D42993D1EA5FA84F77</td><td>E195706B9DF7864A13A804C98E43724BCF5D437D899180CCEF6F68E786C4BB54</td></tr><tr><td>Windows6.1-KB2789645-ia64.msu</td><td>F23AE1F050FA0A03951E388E563B4AAEA21AF9C1</td><td>3EC63CEE3BA6579444F23282A2619232079B9549D4C615FD648C67E9277CF1A2</td></tr><tr><td>Windows6.1-KB2789645-x64.msu</td><td>BBC2A9E0FEF17440F8B25B5A578FB6EF6337DE26</td><td>D825D138A5B9C2350F49B4248B655206E59DB8C031FED3E04D19F35B436F5B19</td></tr><tr><td>Windows6.1-KB2789645-x86.msu</td><td>C18FFA86730F7C050E55415E087766090058BA71</td><td>D0A5E28BB738E7519745DE903A0FDDC888053232EC3BAB3064DB4E33EE04F6E8</td></tr><tr><td>Windows8-RT-KB2789649-arm.msu</td><td>192B47F29037F9BD5A3FBD4C917AD02AC68B9D07</td><td>2339E659EE9088F37F4925E5CEC73507E97B990E0A8A90758939C6A179BE3BC6</td></tr><tr><td>Windows8-RT-KB2789649-x64.msu</td><td>CF718A128EC7D99DBE800D91795990E3D1FF2260</td><td>65AEB2A6490CB51AEDF90FF7A7F52FCEC3A990F05147273F7F92DA887CFCE1B2</td></tr><tr><td>Windows8-RT-KB2789649-x86.msu</td><td>59D43872E260A2865D8F2B26DB0120AC4A1DF88B</td><td>F01EBDFAF10EDB7B0B0FAC2ADF164B6CF6DBEB8BA995AC4D21F358C0BBF4DA8B</td></tr><tr><td>Windows8-RT-KB2789650-arm.msu</td><td>368189E2EE6E9E050632C6CA420F30A9B028090F</td><td>E0BC05E6642AE4915ACCC5655C437D70FDB191D7B1013D6B61BE6CA5A4D43FB7</td></tr><tr><td>Windows8-RT-KB2789650-x64.msu</td><td>60D29417DF6E4AF5B9359DC01E653E2608544412</td><td>F037106FDF6E640F18742E063C2E6138E2AD40043B13DC5D3BD8F3904FF91B7E</td></tr><tr><td>Windows8-RT-KB2789650-x86.msu</td><td>346B357CAA376E6FDEB6E4B2A67FCD380EBC146B</td><td>B8D4A18C3D4E0CE9287844315172135705D380D55634D369467E06AC32F8B993</td></tr></table></div></div><br /></span></div></div></div></div><h2></h2><div><a></a><br /><h3>Applies to</h3>This article applies to the following:<ul><li>Microsoft .NET Framework 4.5 when used with:<ul><li>Windows 8</li><li>Windows Server 2012</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 4 when used with:<ul><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Windows XP Service Pack 3</li><li>Windows Server 2003 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 3.5.1 when used with:<ul><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li></ul></li><li>Microsoft .NET Framework 3.5 when used with:<ul><li>Windows 8</li><li>Windows Server 2012</li></ul></li><li>Microsoft .NET Framework 2.0 Service Pack 2 when used with:<ul><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Microsoft Windows XP Service Pack 3</li><li>Microsoft Windows Server 2003 Service Pack 2</li></ul></li></ul></div></body></html>