Microsoft .NET Framework Remote Code Execution Vulnerability (2706726) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-038.

Impact

Successful exploitation could allow an attacker to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-038

Insight

The flaw is due to an error within the framework when handling pointers and can be exploited to corrupt memory via a specially crafted web page.

Affected

Microsoft .NET Framework 4 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 2.0 Service Pack 2

References

http://secunia.com/advisories/49418
http://support.microsoft.com/kb/2706726
http://technet.microsoft.com/en-us/security/bulletin/ms12-038
http://www.securitytracker.com/id/1027149

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1855

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)

Take action and discover your vulnerabilities