CVE-2012-0015

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework application, aka...

CVE-2012-0014

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...

Microsoft Silverlight & .NET Framework Heap Corruption Remote Code Execution Vulnerability

Description Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service...

MS12-016: Vulnerabilities in the .NET Framework and Microsoft Silverlight could allow remote code execution: February 14, 2012

Resolves a vulnerability in the .NET Framework and Microsoft Silverlight that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run Silverlight applications or XAML Browser Applications XBAPs.IntroductionMicrosoft has...

Microsoft Silverlight & .NET Framework Unmanaged Objects Remote Code Execution Vulnerability

Description Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service...

PT-2012-2241 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 SP2 through 3.5.1 Description: A remote code execution issue exists due to improper buffer length calculation while processing specially crafted input. This could allow an attacker to take complete contro...

MS12-016: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)

The version of the .NET Framework installed on the remote host reportedly is affected by the following vulnerabilities : - The .NET Framework and Silverlight do not properly use unmanaged objects, which could allow a malicious .NET Framework application to access memory in an unsafe manner...

Microsoft Releases February Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .Net Framework, Silverlight, Office, and Server Software as part of the Microsoft Security Bulletin Summary for February 2012. These vulnerabilities may allow an attacker to execute arbitrary code o...

CVE-2011-3414

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, whic...

CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

CVE-2011-3417

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, ak...

Authentication flaw

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

Authentication flaw

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, ak...

CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

CVE-2011-3414

CVE-2011-3414 concerns a denial-of-service in the Microsoft .NET Framework ASP.NET HashTable mapping. The vulnerability arises from the CaseInsensitiveHashProvider.getHashCode function used by the HashTable implementation across .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, which can ...

CVE-2011-3417

The CVE-2011-3417 entry concerns the ASP.NET Forms Authentication feature in Microsoft .NET Framework (1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, 4.0). When sliding expiry is enabled, cached content is not handled properly, allowing remote attackers to access arbitrary user accounts via a crafted URL (For...

CVE-2011-3415

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in...

CVE-2011-3417

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, ak...

Microsoft .NET Framework 用户验证权限提升漏洞(CVE-2011-3416)

BUGTRAQ ID: 51201 CVE ID: CVE-2011-3416 ASP.NET是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统。 Microsoft .NET Framework在用户验证的实现上存在权限提升漏洞，攻击者可利用此漏洞非法访问另一个用户账户，以其权限执行任意命令。要利用此漏洞，非法攻击者需要在ASP.NET应用上注册一个帐户并了解目标用户的现有帐户名，然后使用之前注册的账目名访问该帐户来构造特制的Web请求。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x...

Microsoft .NET Framework 缓存处理代码执行漏洞

BUGTRAQ ID: 51203 CVE ID: CVE-2011-3417 ASP.NET是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统。 Microsoft .NET Framework在处理缓存内容的方式上存在权限提升漏洞，通过发送特制的链接并诱使用户打开此类链接，攻击者可利用此漏洞执行任意恶意代码。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft .NET Framework 2.x Microsoft .NET Framework 1.x 厂商补丁： Microso...