Security Advisory

CVE-2013-3860

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2013-10-09 14:44:00

Last updated 2024-08-06 16:22:01

Assigner microsoft

State PUBLISHED

Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."

← Browse all CVEs View on cve.org ↗