CVE-2012-4777

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...

EUVD-2012-1905

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...

CVE-2012-4777

CVE-2012-4777 affects Microsoft .NET Framework 4 and 4.5. The vulnerability arises from improper enforcement of object permissions in the reflection code-optimization feature, allowing remote code execution through a crafted XAML browser application (XBAP) or a crafted .NET Framework application....

CVE-2012-4776

The CVE-2012-4776 issue is the WPAD-related remote code execution in Microsoft .NET Framework (versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5). The vulnerability arises because WPAD data returned during proxy settings acquisition is not validated, allowing a crafted data input during XBAP or .NET Framework...

CVE-2012-2519

CVE-2012-2519 : Untrusted search path vulnerability in Entity Framework/ADO.NET of Microsoft .NET Framework (1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4) allows local privilege gain via a Trojan DLL in the current working directory. Connected sources confirm this as a real, public entry with concret...

CVE-2012-1896

CVE-2012-1896 affects Microsoft .NET Framework 2.0 SP2 and 3.5.1, where trust levels are not properly respected during output data construction, enabling information leakage via crafted XBAPs or partially trusted code in .NET applications. The vulnerability is described as an information-disclosu...

CVE-2012-1895

The CVE-2012-1895 entry concerns Microsoft .NET Framework, where the reflection implementation may bypass object permissions. Affected products span .NET Framework 1.0 SP3 through 4, with exploitation possible via a crafted XBAP or crafted .NET application. The root cause is improper enforcement ...

MS12-074: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)

The remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities : - The way .NET Framework validates the permissions of certain objects during reflection is flawed and could be exploited by an attacker to gain complete control of an affected...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 x86 (KB2729462)

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2729462)

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...

Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to the sensitive information. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilo...

Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability

Description Microsoft .NET Framework is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic...

PT-2012-3633 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3 through 4 Description: The issue arises from improper enforcement of object permissions in the reflection implementation, allowing remote attackers to execute arbitrary code. This can be achieved...

PT-2012-3634 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 SP2 through 3.5.1 Description: The issue is related to the improper consideration of trust levels during the construction of output data, allowing remote attackers to obtain sensitive information. This ca...

Microsoft Releases November 2012 Security Bulletin

Microsoft has released updates to address multiple vulnerabilities in Microsoft Windows Shell, .NET Framework, Windows Kernel-Mode drivers, Excel, Internet Information Services IIS, and cumulative security updates for Internet Explorer as part of the Microsoft Security Bulletin Summary for Novemb...

Microsoft .Net Framework Web Proxy Auto-Discovery Code Execution (MS12-074; CVE-2012-4776)

A remote code execution vulnerability has been reported in the Microsoft .Net Framework. The vulnerability is due to an error in the way the .Net Framework retrieves the default web proxy settings. A remote attacker can exploit this issue by enticing a victim to use a malicious proxy auto...

Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability

Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0...

Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability

Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to bypass certain Code Access Security CAS restrictions and obtain sensitive information from the target system that may aid in further attacks. Technologies Affect...

MS12-074: Vulnerabilities in .NET Framework could allow remote code execution: November 13, 2012

Resolves a vulnerability in the Microsoft .NET Framework that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run XAML Browser Applications XBAPs.View products that this article applies to.IntroductionMicrosoft has...

Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability

Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...