Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0163

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-0163
Last Modified 06 Mar 2013 11:50:42
Published 10 Apr 2012 05:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0163

Summary

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."

Vulnerable Systems

Application

  • Microsoft .net Framework 1.0

  • Microsoft .net Framework 1.1

  • Microsoft .net Framework 2.0

  • Microsoft .net Framework 3.5

  • Microsoft .net Framework 3.5.1

  • Microsoft .net Framework 4.0

  • Microsoft .net Framework 4.5


References

MS - MS12-025

XF - ms-dotnet-parameter-code-exec(74377)

SECTRACK - 1026907

CERT - TA12-101A

Related Patches

MS12-025 Security Update for .NET Framework 1.1 SP1 on Windows Server 2003 and Windows Server 2003 R2 x86 (KB2656376)

MS12-025 Security Update for .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656374)

MS12-025 Security Update for .NET Framework 1.0 SP3 on Windows XP Tablet PC and Media Center (KB2656378)

MS12-025 Security Update for .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 for x64 (KB2656374)

MS12-025 Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64 (KB2656372)

MS12-025 2671605 2656368 Security Update for .NET Framework 4.0 (All Languages) (re-released 6/12/2012)

MS12-025 2671605 2656370 Security Update for .NET Framework 1.1 SP1 (All Languages) (re-released 6/12/2012)

MS12-025 2671605 2656369 Security Update for .NET Framework 2.0 SP2 (All Languages) (re-released 6/12/2012)

MS12-025 Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB2656372)

MS12-025 2671605 2656369 Security Update for .NET Framework 2.0 SP2 (All Languages)

MS12-025 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Win 7, Server 2008 x86 (KB2656368)

MS12-025 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Win 2008 x86 (KB2656370)

MS12-025 2671605 2656370 Security Update for .NET Framework 1.1 SP1 (All Languages)

MS12-025 2671605 2656368 Security Update for .NET Framework 4.0 (All Languages)

MS12-025 Security Update for .NET 4 on XP, Server 2003, Vista, Win 7, Server 2008, Server 2008 R2 for x64 (KB2656368)

MS12-025 Security Update for .NET Framework 1.1 SP1 on Win XP, Server 2003, Vista, and Server 2008 for x64 (KB2656370)

MS12-025 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656369)

MS12-025 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x64 (KB2656369)


Last Updated: 27 May 2016 10:58:24