Lucene search

K
cve[email protected]CVE-2012-0161
HistoryMay 09, 2012 - 12:55 a.m.

CVE-2012-0161

2012-05-0900:55:00
CWE-20
web.nvd.nist.gov
121
cve-2012-0161
microsoft
.net framework
remote code execution
serialization vulnerability
nvd

9.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.791 High

EPSS

Percentile

98.2%

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka β€œ.NET Framework Serialization Vulnerability.”

9.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.791 High

EPSS

Percentile

98.2%