HTTP: Microsoft .NET Framework WinForms Information Disclosure
This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework WinForms. A successful attack can lead to unauthorized information disclosure.
Extended Description
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
Short Name
HTTP:STC:DL:DOT-NET-INFO-DISC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
.NET CVE-2013-0001 Disclosure Framework Information Microsoft WinForms bid:57124
Release Date
02/04/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3733
False Positive
Unknown
CVSS Score
4.3