Microsoft .NET Framework Remote Code Execution Vulnerability (2706726) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-038.

Impact

Successful exploitation could allow an attacker to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-038

Insight

The flaw is due to an error within the framework when handling pointers and can be exploited to corrupt memory via a specially crafted web page.

Affected

Microsoft .NET Framework 4 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 2.0 Service Pack 2

References

http://secunia.com/advisories/49418
http://support.microsoft.com/kb/2706726
http://technet.microsoft.com/en-us/security/bulletin/ms12-038
http://www.securitytracker.com/id/1027149

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1855

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
Cumulative Security Update for Internet Explorer (956390)
Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)
Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
Microsoft Expression Design Remote Code Execution Vulnerability (2651018)

Take action and discover your vulnerabilities