Design/Logic Flaw

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application...

CVE-2012-0160

CVE-2012-0160 is a high-severity remote code execution vulnerability in Microsoft .NET Framework serialization. It affects multiple .NET Framework versions (1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4) and can be exploited via a crafted XBAP or a crafted .NET Framework application. ...

Microsoft Windows本地权限提升漏洞(CVE-2012-1848)(MS12-034)

BUGTRAQ ID: 53327 CVE ID: CVE-2012-1848 Microsoft Windows是流行的计算机操作系统。 Windows内核模式驱动程序中存在一个特权提升漏洞。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。攻击者随后可安装程序；查看、更改或删除数据；或者创建拥有完全管理权限的新帐户。 0 Microsoft Windows Windows XP Service Pack 3 0 Microsoft Windows Windows XP Professional x64 Ed Microsoft Windows Windows XP...

Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)

This host is missing a critical security update according to Microsoft Bulletin MS12-035. OpenVAS Vulnerability Test $Id: secpodms12-035.nasl 5366 2017-02-20 13:55:38Z cfi $ Microsoft .NET Framework Remote Code Execution Vulnerability 2693777 Authors: Sooraj KS Copyright: Copyright c 2012 SecPod,...

Microsoft .NET Framework序列化远程代码执行漏洞(CVE-2012-0161)(MS12-035)

BUGTRAQ ID: 53357 CVE ID: CVE-2012-0161 Microsoft Windows是流行的计算机操作系统。 由于通过部分受信任的程序集不正确地序列化不受信任的输入，Microsoft .NET Framework 中存在一个远程执行代码漏洞。成功利用此漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。 0 Microsoft .NET Framework 4.0 Microsoft .NET Framework...

Microsoft GDI+ EMF图形处理远程代码执行漏洞(MS12-034)

BUGTRAQ ID: 53347 CVE ID: CVE-2012-0165 Windows是流行的计算机操作系统。 GDI+ 处理特制 EMF 图像的验证的方式中存在一个远程执行代码漏洞。如果用户打开特制的 EMF 图像文件，该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。 0 Microsoft Office 2003 Microsoft Office Office 2010 Microsoft...

CVE-2012-0164

CVE-2012-0164 : A vulnerability in Microsoft .NET Framework 4 (and WPF apps) where index value comparisons are not performed correctly, allowing a remote attacker to cause a denial of service (application hang) via crafted requests. Affects .NET Framework 4 and related WPF components; root cause ...

CVE-2012-0162

CVE-2012-0162 affects Microsoft .NET Framework (4.x) and is due to an undersized buffer allocation in the framework’s handling of XAML Browser Applications (XBAP) graphics components. This can allow remote code execution when a user visits a malicious page or opens a crafted .NET application, wit...

CVE-2012-0161

CVE-2012-0161 affects Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4. It describes an unspecified exception handling flaw during use of partially trusted assemblies to serialize input data, enabling remote code execution via a crafted XBAP or a crafted .NET Fra...

CVE-2012-0164

Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service application hang via crafted requests to a Windows Presentation Foundation WPF application, aka ".NET Framework Index Comparison Vulnerability."...

MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)

This host is missing a critical security update according to Microsoft Bulletin MS12-034. OpenVAS Vulnerability Test $Id: secpodms12-034.nasl 8190 2017-12-20 09:44:30Z cfischer $ MS Security Update For Microsoft Office, .NET Framework, and Silverlight 2681578 Authors: Sooraj KS Copyright: Copyrig...

Microsoft .NET Framework索引比较拒绝服务漏洞(CVE-2012-0164)(MS12-034)

BUGTRAQ ID: 53363 CVE ID: CVE-2012-0164 Microsoft Windows是流行的计算机操作系统。 .NET Framework 比较索引值的方式中存在一个拒绝服务漏洞。成功利用此漏洞的攻击者可能导致使用 WPF API 的应用程序停止响应，直至被手动重新启动。请注意，攻击者无法利用拒绝服务漏洞来以任何方式执行代码或提升其用户权限。 0 Microsoft .NET Framework 4.0 厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS12-034）以及相应补丁:...

Microsoft Windows本地权限提升漏洞(CVE-2012-0180)(MS12-034)

BUGTRAQ ID: 53324 CVE ID: CVE-2012-0180 Microsoft Windows是流行的计算机操作系统。 Windows内核模式驱动程序管理与窗口和消息处理相关的功能的方式中存在一个特权提升漏洞。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。攻击者随后可安装程序；查看、更改或删除数据；或者创建拥有完全管理权限的新帐户。 0 Microsoft Windows Windows XP Service Pack 3 0 Microsoft Windows Windows XP Professional x64 Ed Microsoft Windows...

Microsoft Windows本地键盘布局处理权限提升漏洞(CVE-2012-0181)(MS12-034)

BUGTRAQ ID: 53326 CVE ID: CVE-2012-0181 Microsoft Windows是流行的计算机操作系统。 Windows内核模式驱动程序管理键盘布局文件的方式中存在一个特权提升漏洞。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。攻击者随后可安装程序；查看、更改或删除数据；或者创建拥有完全管理权限的新帐户。 0 Microsoft Windows Windows XP Service Pack 3 0 Microsoft Windows Windows XP Professional x64 Ed Microsoft Windows Windows ...

CVE-2012-0161

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application...

Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)

This host is missing a critical security update according to Microsoft Bulletin MS12-035. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)

This host is missing a critical security update according to Microsoft Bulletin MS12-034. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containi...

MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities in the serialization process. Untrusted data is treated as trusted which could result in arbitrary code execution. C Tenable Network Security, Inc. include"compat.inc"; if description...

CVE-2012-0162

Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."...