Oval Definition:	oval:org.mitre.oval:def:18517
Revision Date: 2014-08-18 Version: 27 Title: Entity Expansion Vulnerability (CVE-2013-3860) - MS13-082 Description: Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2013-3860 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Product(s): Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Definition Synopsis .Net Framework 2.0 SP2 and vulnerable file version Microsoft .NET Framework 2.0 Service Pack 2 is installed AND XP/2k3/2k8/Vista and vulnerable files version XP/2K3 and vulnerable files versions XP / 2K3 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed AND LDR/GDR Check if the version of System.Security.dll is less than 2.0.50727.3652 OR Vista/2K8 and vulnerable files versions Vista / 2k8 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Check for vulnerable versions Check if the version of System.Security.dll is less than 2.0.50727.4245 OR .net 3.5 sp1 + win xp/2k3/vista/2k8 Microsoft .NET Framework 3.5 SP1 is installed AND XP/2k3/2k8/Vista/Win8/2k12 and vulnerable files version XP/2k3/2k8/Vista and vulnerable files version XP/2k3/2k8/Vista Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Check for vulnerable versions Check if the version of System.Web.Extensions.dll is less than 3.5.30729.4056 OR Win 7 / R2 and vulnerable files version Win 7 / R2 Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable version Check if the version of system.web.extensions.dll is less than 3.5.30729.5458 OR Check if the version of system.security.dll is less than 2.0.50727.5475 OR .net 4.0 + win xp/2k3/vista/2k8/win7/R2 Microsoft .NET Framework 4.0 is installed AND XP/2k3/2k8/Vista/Win7/R2 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed OR Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable versions Check if the version of System.Security.dll is less than 4.0.30319.1016 OR LDR range Check if version of System.Security.dll is greater than or equal to 4.0.30319.2000 AND Check if the version of System.Security.dll is less than 4.0.30319.2026 OR .net 4.5 + win 8/2k12/vista/2k8/win7/R2 Microsoft .NET Framework 4.5 is installed AND Win8/2k12/2k8/Vista/Win7/R2 and vulnerable files version Win 8 / 2k12 and vulnerable file version Win 8 / 2k12 Microsoft Windows 8 (x86) is installed OR Microsoft Windows 8 (x64) is installed OR Microsoft Windows Server 2012 (64-bit) is installed AND Check for vulnerable version Check if the version of system.security.dll is less than 4.0.30319.18056 OR Win 7 /R2 /Vista / 2k8 and vulnerable file version XP/2k3/2k8/Vista/Win7/R2 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed AND Check for vulnerable version Check if the version of System.Security.dll is less than 4.0.30319.18055 OR .Net 3.5 + Win 8 /2k12 and vulnerable file version Microsoft .NET Framework 3.5 SP1 is installed AND Windows 8 / 2k12 Microsoft Windows 8 (x86) is installed OR Microsoft Windows 8 (x64) is installed OR Microsoft Windows Server 2012 (64-bit) is installed AND Check for vulnerable version Check if the version of system.security.dll is less than 2.0.50727.6410 OR LDR range Check if version of System.Security.dll is greater than or equal to 2.0.50727.7000 AND Check if the version of System.Security.dll is less than 2.0.50727.7032 OR Check if the version of system.web.extensions.dll is less than 3.5.30729.6407 OR LDR range Check if the version of system.web.extensions.dll is greater than or equal to 3.5.30729.7000 AND Check if the version of system.web.extensions.dll is less than 3.5.30729.7057
BACK