Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)

  1. Network Vulnerabilities
  2. Windows : Microsoft Bulletins
  3. Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
Summary
This host is missing a critical security update according to Microsoft Bulletin MS12-074.
Impact
Successful exploitation will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-074
Insight
- An error within permissions checking of objects that perform reflection can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application. - An sanitisation error when processing partially trusted code can be exploited to disclose certain data via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application. - The Entity Framework component loads certain libraries in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into opening certain files located on a remote WebDAV or SMB share. - A validation error when acquiring proxy settings via the Web Proxy Auto-Discovery (WPAD) can be exploited to execute JavaScript code with reduced restrictions. - An error within permissions checking of Windows Presentation Foundation (WPF) objects that perform reflection can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.
Affected
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, and 4
References
Updated on 2015-03-25
Severity
High Severity
Classification
Related Vulnerabilities