MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)

The version of the .NET Framework installed on the remote host reportedly is affected by a code execution vulnerability because of the way .NET Framework validates parameters when passing data to a function. An attacker may be able to leverage these vulnerabilities to execute arbitrary code on th...

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework...

Input validation

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework...

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework...

CVE-2012-0163

CVE-2012-0163 is a high-severity vulnerability in multiple .NET Framework versions (1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5) where function parameter validation is insufficient, enabling remote code execution. Exploitation paths include a crafted XBAP, a crafted ASP.NET application, or a cr...

Microsoft: Six Bulletins, Four Critical In April Patch

Microsoft issued six patches, four of which were critical in the April 2012 software updates. The company released its monthly patch Tuesday. The patches affect Microsoft Windows, Internet Explorer, the .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United...

Microsoft .NET Framework Parameter Validation Remote Code Execution Vulnerability

Description The .NET Framework is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions. In a web hosting environment,...

MS12-025: Vulnerabilities in the .NET Framework could allow remote code execution: April 10, 2012

Resolves a vulnerability in the .NET Framework that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run XAML Browser Applications XBAPs.Important In response to customer feedback that we received after the original...

Microsoft Releases April Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United Access Gateway as part of the Microsoft Security Bulletin Summary for April 2012. These vulnerabilities may...

Microsoft ASP.NET Forms Authentication Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Microsoft ASP.NET Forms Authentication Bypass product: Microsoft .NET Framework vulnerable version: Microsoft .NET Framework Version:4.0.30319; ASP.NET...

Microsoft Windows multiple security vulnerabilities

GDI code execution, drivers privilege escalation, unsafe DLL loading, C Runtime code execution, .Net framework and Silverlight vulnerabilities...

Microsoft Silverlight & .NET Framework未管理对象远程代码执行漏洞(MS12-016)

BUGTRAQ ID: 51938 CVE ID: CVE-2012-0014 Microsoft Silverlight是跨浏览器、跨平台的.NET实现，用于为Web构建媒体体验和交互应用。 Microsoft Silverlight和Microsoft .NET Framework在实现上存在远程代码执行漏洞，成功利用后可允许攻击者执行任意代码。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft .NET Framework 2.x Microsoft Silverlight 4.0 厂商补丁：...

Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)

This host is missing a critical security update according to Microsoft Bulletin MS12-016. OpenVAS Vulnerability Test $Id: secpodms12-016.nasl 8190 2017-12-20 09:44:30Z cfischer $ Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities 2651026 Authors: Sooraj KS...

CVE-2012-0014

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...

CVE-2012-0015

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework application, aka...

Design/Logic Flaw

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework application, aka...

Security feature bypass

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...

CVE-2012-0014

CVE-2012-0014 describes a remote code execution flaw in Microsoft .NET Framework components (2.0 SP2, 3.5.1, 4) and Silverlight 4 prior to 4.1.10111, caused by improper restriction of memory access for unmanaged objects. Exploitation vectors include XBAP, crafted ASP.NET, .NET Framework, and Silv...

CVE-2012-0014

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...

CVE-2012-0015

CVE-2012-0015 is tied to Microsoft .NET Framework 2.0 SP2 and 3.5.1 and describes a heap corruption vulnerability caused by improper calculation of a buffer length. This allows remote code execution via crafted input in XBAPs, ASP.NET applications, or .NET Framework applications. The connected Op...