Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4776

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4776
Last Modified 02 Nov 2013 11:27:30
Published 13 Nov 2012 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4776

Summary

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."

Vulnerable Systems

Application

  • Microsoft .net Framework 2.0

  • Microsoft .net Framework 3.5

  • Microsoft .net Framework 3.5.1

  • Microsoft .net Framework 4.0

  • Microsoft .net Framework 4.5


References

MS - MS12-074

CERT - TA12-318A

BID - 56463

OSVDB - 87266

SECTRACK - 1027753

SECUNIA - 51236

Related Patches

MS12-074 Security Update for .NET 4 on XP, Server 2003, Vista, Win 7, Server 2008, Server 2008 R2 for x64 (KB2729449)


Last Updated: 27 May 2016 10:58:28