To exploit the vulnerability, an attacker would need to send crafted JSON data to a targeted system. To achieve this objective, the attacker may require access to trusted, internal networks in which the targeted system may reside, which could limit the likelihood of a successful exploit.
Microsoft has corrected this vulnerability by modifying the way the affected software handles JSON data encodings.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the October 2013 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for October 2013