ms13-040

MS13-040 is a Microsoft security bulletin from May 2013 addressing vulnerabilities in the .NET Framework. The update resolves one privately reported and one publicly disclosed vulnerability that could allow spoofing if a .NET application processes a specially crafted XML file. An attacker exploiting these vulnerabilities could modify XML file contents without invalidating the file's signature and gain access to endpoint functions as an authenticated user. This bulletin is rated Important and applies to various .NET Framework versions. Users are advised to apply the update to mitigate the risk of spoofing attacks.