MS10-041: Vulnerabilities in the Microsoft .NET Framework that could allow tampering

Resolves a vulnerability in the Microsoft .NET Framework that could allow tampering in signed XML content without being detected.Support for Windows Vista Service Pack 1 SP1 ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with...

Microsoft .NET Framework XBAP Buffer Allocation Code Execution (MS12-034; CVE-2012-0162)

A remote code execution vulnerability has been reported in Microsoft .NET Framework...

MS12-035: Vulnerabilities in the .NET Framework could allow remote code execution: May 8, 2012

Resolves a vulnerability in the .NET Framework that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run XAML Browser Applications XBAPs.IntroductionMicrosoft has released the security bulletin MS12-035. You can view...

Microsoft Releases May Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, .NET Framework, and Silverlight as part of the Microsoft Security Bulletin Summary for May 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CE...

Microsoft .NET Framework Index Comparison Denial Of Service Vulnerability

Description Microsoft .NET Framework is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive or to crash, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible...

Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability

Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...

Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the TrueType Font engine. An attacker can exploit this issue through the Windows Kernel-Mode drivers to execute arbitrary code in kernel mode. The attacker can also exploit this issue through Microsoft...

Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability

Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to run a malicious .NET application or visit a site that hosts the malicious content as an Extensible Application Markup Language XAML...

Microsoft .NET Framework Serialization CVE-2012-0162 Remote Code Execution Vulnerability

Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...

MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight: May 8, 2012

Resolves a vulnerability in the .NET Framework and Silverlight that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run Silverlight applications or XAML Browser Applications XBAPs.IntroductionMicrosoft has released t...

Patch Tuesday Advance Notification: May Edition

Microsoft announced today that they will be shipping three critical and five important bulletins in the May edition of patch Tuesday. All of the ‘critical’ bulletins and two of the ‘important’ bulletins fix vulnerabilities that could otherwise lead to remote code execution. The two remaining...

Microsoft Releases Advanced Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advanced Notification indicating that its May release will contain seven bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Office, .NET Framework, and Silverlight. Releases of these...

Microsoft .NET Framewor参数校验远程整数溢出漏洞(MS12-025)

Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统 Microsoft .NET Framework的EncoderParameter类存在一个整数溢出漏洞，由于不正确分配缓冲区，拷贝用户数据到堆缓冲区时可导致堆破坏 EncoderParameter中System.Drawing.dll中实现，用于向图像解码器GDI+传递值或值的数组 利用此漏洞，以部分可信权限运行的应用程序可绕过CLR沙盒限制，最终可以以完全可信权限执行任意代码。部分可信应用程序的例子包括ClickOnce, XAML Browser Applicatio...

.NET Framework EncoderParameter Integer Overflow

Exploit for windows platform in category dos / poc ------------------------------------------------------------------------ .NET Framework EncoderParameter integer overflow vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2011...

Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)

Microsoft .NET Framework EncoderParameter - Integer Overflow MS12-025 ------------------------------------------------------------------------ .NET Framework EncoderParameter integer overflow vulnerability ------------------------------------------------------------------------ Yorick Koster,...

Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)

------------------------------------------------------------------------ .NET Framework EncoderParameter integer overflow vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2011...

.NET Framework EncoderParameter integer overflow vulnerability

------------------------------------------------------------------------ .NET Framework EncoderParameter integer overflow vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2011...

.NET Framework EncoderParameter Integer Overflow

------------------------------------------------------------------------ .NET Framework EncoderParameter integer overflow vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2011...

Microsoft .NET Framework CRL参数解析漏洞 (MS12-025)

BUGTRAQ ID: 52921 CVE ID: CVE-2012-0163 ASP.NET是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统。 Microsoft .NET Framework在处理传递到函数的某些参数时，.NET CRL Common Language Runtime中存在错误，可通过特制的网页利用，导致控制用户系统。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft .NET Framework 2.x Microsoft .NET Framework 1.x...

Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)

This host is missing a critical security update according to Microsoft Bulletin MS12-025. OpenVAS Vulnerability Test $Id: secpodms12-025.nasl 5366 2017-02-20 13:55:38Z cfi $ Microsoft .NET Framework Remote Code Execution Vulnerability 2671605 Authors: Sooraj KS Copyright: Copyright c 2012 SecPod,...