Vulnerability Details : CVE-2012-0160
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
Vulnerability category: Input validation, Execute code
Threat overview for CVE-2012-0160
Top open port discovered on systems with this issue: 443
IPs affected by CVE-2012-0160: 66,213
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-0160
Probability of exploitation activity in the next 30 days: 79.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~98%
CVSS scores for CVE-2012-0160
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2012-0160
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0160
- http://www.securitytracker.com/id?1027036
  Microsoft .NET Framework Serialization Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
  Microsoft Security Bulletin MS12-035 - Critical | Microsoft Docs
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15554
  Repository / Oval Repository
- http://www.securityfocus.com/bid/53356
  Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
- http://www.us-cert.gov/cas/techalerts/TA12-129A.html
  Microsoft Updates for Multiple Vulnerabilities | CISA (US Government Resource)
Products affected by CVE-2012-0160
- cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*