1392 matches found
Design/Logic Flaw
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET applicatio...
Design/Logic Flaw
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...
Design/Logic Flaw
The Web Proxy Auto-Discovery WPAD functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data duri...
CVE-2012-2519
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET applicatio...
EUVD-2012-4702
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...
Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
This host is missing a critical security update according to Microsoft Bulletin MS12-074. OpenVAS Vulnerability Test $Id: secpodms12-074.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft .NET Framework Remote Code Execution Vulnerability 2745030 Authors: Antu Sanadi Copyright: Copyright c 2012 SecPo...
CVE-2012-4777
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...
EUVD-2012-1905
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...
CVE-2012-4777
CVE-2012-4777 affects Microsoft .NET Framework 4 and 4.5. The vulnerability arises from improper enforcement of object permissions in the reflection code-optimization feature, allowing remote code execution through a crafted XAML browser application (XBAP) or a crafted .NET Framework application....
CVE-2012-4776
The CVE-2012-4776 issue is the WPAD-related remote code execution in Microsoft .NET Framework (versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5). The vulnerability arises because WPAD data returned during proxy settings acquisition is not validated, allowing a crafted data input during XBAP or .NET Framework...
CVE-2012-2519
CVE-2012-2519 : Untrusted search path vulnerability in Entity Framework/ADO.NET of Microsoft .NET Framework (1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4) allows local privilege gain via a Trojan DLL in the current working directory. Connected sources confirm this as a real, public entry with concret...
CVE-2012-4776
The Web Proxy Auto-Discovery WPAD functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data duri...
Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to the sensitive information. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilo...
Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...
Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic...
Microsoft .Net Framework Web Proxy Auto-Discovery Code Execution (MS12-074; CVE-2012-4776)
A remote code execution vulnerability has been reported in the Microsoft .Net Framework. The vulnerability is due to an error in the way the .Net Framework retrieves the default web proxy settings. A remote attacker can exploit this issue by enticing a victim to use a malicious proxy auto...
Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0...
Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability
Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to bypass certain Code Access Security CAS restrictions and obtain sensitive information from the target system that may aid in further attacks. Technologies Affect...
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-141 August 17, 2012 - -- CVE ID: CVE-2012-1855 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NE...