Summary
This host is missing a critical security update according to Microsoft Bulletin MS12-035.
Impact
Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at http://technet.microsoft.com/en-us/security/bulletin/ms12-035
Insight
The flaws are due to:
- The .NET Framework does not properly serialize user input, which can be exploited to treat untrusted input as trusted.
- The .NET Framework does not properly handle exceptions when serializing objects, which can be exploited via partially trusted assemblies.
Affected
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4
References
Severity
Classification
CVE: CVE-2012-0160, CVE-2012-0161
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft DirectShow Remote Code Execution Vulnerability (2845187)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371)
- Cumulative Security Update for Internet Explorer (931768)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
- Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)