MS12-025  MS12-025 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605) - Version: 2.0

Version2012-06-12 Severity Rating: Critical Revision Note: V2.0 (June 12, 2012): Bulletin rereleased to reoffer the update for all affected software. Customers who have already successfully installed the update originally offered on April 10, 2012 are encouraged to install the reoffered update. See the Update FAQ for details. Summary: This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page t
Bulletin details at Microsoft.com

Related CVE Entries

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
Max CVSS
9.3
EPSS Score
66.09%
Published
2012-04-10
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close