Microsoft .NET Framework Remote Code Execution Vulnerability (2706726) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-038.

Impact

Successful exploitation could allow an attacker to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-038

Insight

The flaw is due to an error within the framework when handling pointers and can be exploited to corrupt memory via a specially crafted web page.

Affected

Microsoft .NET Framework 4 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 2.0 Service Pack 2

References

http://secunia.com/advisories/49418
http://support.microsoft.com/kb/2706726
http://technet.microsoft.com/en-us/security/bulletin/ms12-038
http://www.securitytracker.com/id/1027149

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1855

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
Microsoft IIS Security Bypass Vulnerability (970483)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)

Take action and discover your vulnerabilities