Lucene search

[email protected]CVE-2012-4777

HistoryNov 14, 2012 - 12:55 a.m.

CVE-2012-4777

2012-11-1400:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-4777

code optimization

reflection implementation

microsoft .net framework

remote code execution

7.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.582 Medium

EPSS

Percentile

97.7%

JSON

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka “WPF Reflection Optimization Vulnerability.”

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.0
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.0
microsoft:.net_framework	microsoft .net framework	eq	4.5

References

osvdb.org/87267

secunia.com/advisories/51236

www.securityfocus.com/bid/56464

www.securitytracker.com/id?1027753

www.us-cert.gov/cas/techalerts/TA12-318A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960

7.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.582 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2012-4777

cvelist1 prion1 symantec1 seebug1 nessus1 mskb1 openvas2 securityvulns1