1392 matches found
Design/Logic Flaw
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application, aka...
CVE-2013-0004
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application, aka...
CVE-2013-0005
The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...
CVE-2013-0002
Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002) is triggered by improper counting of objects during a memory copy in Windows Forms, allowing remote code execution via a crafted XBAP or a crafted .NET application. Affected versions span 1.0 SP3 through 4.5. The root cause is a ra...
CVE-2013-0003
The CVE-2013-0003 entry details a buffer overflow in the System.DirectoryServices.Protocols (S.DS.P) namespace method of Microsoft .NET Framework (2.0 SP2 through 4.5). The root cause is a missing array-size boundary check during a memory-copy operation, enabling remote code execution via a craft...
CVE-2013-0001
CVE-2013-0001 concerns a vulnerability in the Windows Forms (WinForms) component of Microsoft .NET Framework (1.0 SP3–4.5). The root cause is improper initialization of memory arrays and use of a pointer to unmanaged memory, enabling information disclosure. Exploitation could occur via a crafted ...
Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
This host is missing an important security update according to Microsoft Bulletin MS13-004. OpenVAS Vulnerability Test $Id: secpodms13-004.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Privilege Elevation Vulnerability 2769324 Authors: Antu Sanadi Copyright: Copyright c 2013 SecPo...
Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
This host is missing an important security update according to Microsoft Bulletin MS13-004. OpenVAS Vulnerability Test $Id: secpodms13-007.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Open Data Protocol DOS Vulnerability 2769327 Authors: Antu Sanadi Copyright: Copyright c 2013...
Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
This host is missing an important security update according to Microsoft Bulletin MS13-004. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
This host is missing an important security update according to Microsoft Bulletin MS13-004. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS13-007: Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by a denial of service vulnerability in the Open Data OData protocol. An unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP request to the affected site. C...
Microsoft .NET Framework CVE-2013-0001 Information Disclosure Vulnerability
Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to bypass certain Code Access Security CAS restrictions and obtain sensitive information from the target system that may aid in further attacks. Technologies Affect...
Microsoft .NET Framework CVE-2013-0002 Remote Privilege Escalation Vulnerability
Description The Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges on the affected computer. Technologies Affected Microsoft .NET Framework 1.0 Microsoft .NET Framework 1.0 SP1 Microsoft .NET Framework 1.0...
Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attackers can exploit this issue to gain escalated privileges within the context of the application; this results in complete control of the affected system. Technologies Affected Microsoft .NET...
Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
Description The Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attackers can exploit this issue to gain escalated privileges; this may result in the attacker gaining complete control of the affected system. Technologies Affected Microsoft .NET Framework 1.0...
Microsoft .NET Framework DLL 加载任意代码执行漏洞(MS12-074)
BUGTRAQ ID: 56462 CVE ID: CVE-2012-2519 .NET就是微软的用来实现XML,Web Services,SOA(面向服务的体系结构service-oriented architecture)和敏捷性的技术。.NET Framework是微软开发的软件框架,主要运行在Microsoft Windows上。 Microsoft .NET Framework 1.0 SP3、1.1 SP1、2.0 SP2、3.5.1、4内的ADO.NET里的Entity Framework存在可疑搜索路径漏洞,通过当前工作目录内的木马DLL,可允许本地用户获取权限。 0...
Microsoft .NET Framework 远程代码执行漏洞(MS12-074)
BUGTRAQ ID: 56463 CVE ID: CVE-2012-4776 .NET就是微软的用来实现XML,Web Services,SOA(面向服务的体系结构service-oriented architecture)和敏捷性的技术。.NET Framework是微软开发的软件框架,主要运行在Microsoft Windows上。 Microsoft .NET Framework 2.0 SP2、3.5、3.5.1、4、4.5内的WPAD功能没有验证获取代理设置过程中返回的配置数据,通过在执行XAML浏览器应用或.NET...
CVE-2012-1896
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka "Code Access Securi...
CVE-2012-4776
The Web Proxy Auto-Discovery WPAD functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data duri...
Design/Logic Flaw
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...