Summary
This host is missing a critical security update according to Microsoft Bulletin MS12-035.
Impact
Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory: http://technet.microsoft.com/en-us/security/bulletin/ms12-035
Insight
The flaws are due to:
- The .NET Framework does not properly serialize user input, which can be exploited to treat untrusted input as trusted.
- The .NET Framework does not properly handle exceptions when serializing objects, which can be exploited via partially trusted assemblies.
Affected
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4
References
Severity
Classification
CVE: CVE-2012-0160, CVE-2012-0161
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)
- Microsoft Active Directory Denial of Service Vulnerability (953235)
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
- Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
- Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)