Summary
This host is missing a critical security update according to Microsoft Bulletin MS12-035.
Impact
Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at http://technet.microsoft.com/en-us/security/bulletin/ms12-035
Insight
The flaws are due to:
- An error within the .NET Framework, which does not properly serialize user input. This can be exploited to have untrusted input treated as trusted.
- An error within the .NET Framework, which does not properly handle exceptions when serializing objects. This can be exploited via partially trusted assemblies.
Affected
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4
References
Severity
Classification
CVE: CVE-2012-0160, CVE-2012-0161
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Active Directory Denial of Service Vulnerability (953235)
- Cumulative Patch for Internet Information Services (Q327696)
- Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
- Flaw in Microsoft VM Could Allow Code Execution (810030)