CVE-2012-0163

2012-04-1021:55:01

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.591

Percentile

97.8%

JSON

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka “.NET Framework Parameter Validation Vulnerability.”

Affected configurations

Nvd

Node

microsoft.net_frameworkMatch1.0sp3

microsoft.net_frameworkMatch1.1sp1

microsoft.net_frameworkMatch2.0sp2

microsoft.net_frameworkMatch3.5

microsoft.net_frameworkMatch3.5.1

microsoft.net_frameworkMatch4.0

microsoft.net_frameworkMatch4.5

VendorProductVersionCPE
microsoft.net_framework1.0cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
microsoft.net_framework1.1cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
microsoft.net_framework2.0cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
microsoft.net_framework3.5cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
microsoft.net_framework3.5.1cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
microsoft.net_framework4.0cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
microsoft.net_framework4.5cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	.net_framework	1.0	cpe:2.3:a:microsoft:.net_framework:1.0:sp3::::::
microsoft	.net_framework	1.1	cpe:2.3:a:microsoft:.net_framework:1.1:sp1::::::
microsoft	.net_framework	2.0	cpe:2.3:a:microsoft:.net_framework:2.0:sp2::::::
microsoft	.net_framework	3.5	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
microsoft	.net_framework	3.5.1	cpe:2.3:a:microsoft:.net_framework:3.5.1:::::::*
microsoft	.net_framework	4.0	cpe:2.3:a:microsoft:.net_framework:4.0:::::::*
microsoft	.net_framework	4.5	cpe:2.3:a:microsoft:.net_framework:4.5:::::::*