Microsoft .NET Framework远程权限提升漏洞（MS12-074)

BUGTRAQ ID: 56464 CVE ID: CVE-2012-4777 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft .NET Framework 4、4.5的代码优化功能在反射实现中没有正确执行对象权限，通过特制的XAML浏览器应用或特制的.NET Framework应用，可允许远程攻击者执行任意代码。 0 Microsoft .NET...

JDK: getDeclaredMethods() and setAccessible() code execution

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics...

CVE-2012-1895

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...

CVE-2012-4777

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...

Design/Logic Flaw

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...

Design/Logic Flaw

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...

Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)

This host is missing a critical security update according to Microsoft Bulletin MS12-074. OpenVAS Vulnerability Test $Id: secpodms12-074.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft .NET Framework Remote Code Execution Vulnerability 2745030 Authors: Antu Sanadi Copyright: Copyright c 2012 SecPo...

CVE-2012-1895

The CVE-2012-1895 entry concerns Microsoft .NET Framework, where the reflection implementation may bypass object permissions. Affected products span .NET Framework 1.0 SP3 through 4, with exploitation possible via a crafted XBAP or crafted .NET application. The root cause is improper enforcement ...

CVE-2012-4777

CVE-2012-4777 affects Microsoft .NET Framework 4 and 4.5. The vulnerability arises from improper enforcement of object permissions in the reflection code-optimization feature, allowing remote code execution through a crafted XAML browser application (XBAP) or a crafted .NET Framework application....

CVE-2012-1895

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...

EUVD-2012-4702

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...

EUVD-2012-1905

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...

PT-2012-5588 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 4 and 4.5 Description: The issue arises from improper object permission enforcement in the reflection implementation's code-optimization feature, allowing remote attackers to execute arbitrary code. This can ...

PT-2012-3633 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3 through 4 Description: The issue arises from improper enforcement of object permissions in the reflection implementation, allowing remote attackers to execute arbitrary code. This can be achieved...

java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)

java-170-opendjk was updated to icedtea-2.3.3 bnc785814 Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties...

dedeCMS latest injection vulnerability a gold-bug warning-the black bar safety net

Brief description: Since the parameters of the variables not be initialized testing and using the class reflection skills leads to plus\feedback.php in the variable $typeid presence of injection risk. Detailed description: Since the official has already released patches and vulnerabilities are no...

Immunity Canvas: JAVA_CVE_2012_5088

Name| javaCVE20125088 ---|--- CVE| CVE-2012-5088 Exploit Pack| CANVAS Description| Java MethodHandles.Lookup Remote Code Execution Notes| CVE Name: CVE-2012-5088 VENDOR: Sun Notes: The exploitation technique is abusing bug patched in CVE-2012-5088 which is allowing to use reflection with full...

OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473)

Multiple vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by 1 using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

CVE-2011-5157

Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information...

CVE-2011-5157

Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information...