OVAL Reference oval:org.mitre.oval:def:15814

Oval Definition:

oval:org.mitre.oval:def:15814

Revision Date:	2014-08-18	Version:	26
Title:	System Drawing Information Disclosure Vulnerability - MS13-004
Description:	The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2013-0001
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 4.0
Definition Synopsis
Check for xp/server 2003/versions xp/server 2003 32/64/ia64 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed AND .net versions 1.1 sp1 Check if the version of System.drawing.dll is less than 1.1.4322.2502 AND Microsoft .NET Framework 1.1 Service Pack 1 is Installed OR 2.0 sp2 GDR/LDR Check if the version of System.drawing.dll is less than 2.0.50727.3644 AND Microsoft .NET Framework 2.0 Service Pack 2 is installed OR 4.0 GDR/LDR Check if the version of System.drawing.dll is less than 4.0.30319.1001 AND Microsoft .NET Framework 4.0 is installed OR vista sp2/win 2008 and versions vista 32/64/win 2008 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND .net versions 1.1 sp1 Check if the version of System.drawing.dll is less than 1.1.4322.2502 AND Microsoft .NET Framework 1.1 Service Pack 1 is Installed OR 2.0 sp2 GDR/LDR Check if the version of System.drawing.dll is less than 2.0.50727.4235 AND Microsoft .NET Framework 2.0 Service Pack 2 is installed OR Check for .Net 3.0 GDR/LDR Check if the version of System.ServiceModel.dll is less than 3.0.4506.4214 AND Microsoft .NET Framework 3.0 SP2 is installed OR 4.0 GDR/LDR Check if the version of System.drawing.dll is less than 4.0.30319.1001 AND Microsoft .NET Framework 4.0 is installed OR win 7/versions win 7 32/64 Microsoft Windows 7 is installed OR Microsoft Windows Server 2008 R2 is installed OR Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND GDR/LDR Check if the version of System.drawing.dll is less than 4.0.30319.1001 OR LDR range Check if the version of System.drawing.dll is greater than or equal to 4.0.30319.2000 AND Check if the version of System.drawing.dll is less than 4.0.30319.2001 AND Microsoft .NET Framework 4.0 is installed OR Check for vulnerable XP/2003 Win XP/2003 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed AND GDR/LDR Check if the version of System.ServiceModel.dll is less than 3.0.4506.4037 OR LDR range Check if version of System.ServiceModel.dll is greater than or equal to 3.0.4506.5000 AND Check if version of System.ServiceModel.dll is less than 3.0.4506.5845 AND Microsoft .NET Framework 3.0 SP2 is installed

BACK