CVSS: 9.3EPSS: 57%CPEs: 7EXPL: 0CVE-2012-0160
https://notcve.org/view.php?id=CVE-2012-0160
09 May 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, v2.0 SP2, v3.0 SP2, v3.5 SP1, v3.5.1, y v4 no serializa correctamente datos de entrada, permitiendo a atacantes remotos ejecutar código arb... • http://secunia.com/advisories/49117 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 55%CPEs: 7EXPL: 0CVE-2012-0161
https://notcve.org/view.php?id=CVE-2012-0161
09 May 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." Microsoft .NET Framework V1.0 SP3, V1.1 SP1, V2.0 SP2, V3.0 SP2, V3.5 SP1, V3.5.1, y v4 no controla correc... • http://secunia.com/advisories/49117 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 57%CPEs: 1EXPL: 0CVE-2012-0162 – Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0162
09 May 2012 — Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." Microsoft .NET Framework 4 no asigna correctamente búfers, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación manipulada del explorador XAML (también conocido como XBAP) o (2) una aplicación .NET Fr... • http://www.securityfocus.com/bid/53358 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 19%CPEs: 1EXPL: 0CVE-2012-0164
https://notcve.org/view.php?id=CVE-2012-0164
09 May 2012 — Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." Microsoft .NET Framework 4 no compara correctamente valores de índice, permitiendo a atacantes remotos provocar una denegación de servicio (bloqueo de la aplicación) a través de solicitudes manipuladas a un equipo con Windows Presentatio... • http://www.securityfocus.com/bid/53363 •
CVSS: 9.3EPSS: 55%CPEs: 7EXPL: 1CVE-2012-0163 – Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)
https://notcve.org/view.php?id=CVE-2012-0163
10 Apr 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4 y 4.5 no valida convenientemente los parámetro de las funciones, lo que per... • https://www.exploit-db.com/exploits/18777 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 48%CPEs: 26EXPL: 0CVE-2012-0014
https://notcve.org/view.php?id=CVE-2012-0014
14 Feb 2012 — Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." Microsoft .NET Framework v2.0 SP2 y v3.5.1 y v4, y Silverlight v4... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 15%CPEs: 41EXPL: 0CVE-2011-1253
https://notcve.org/view.php?id=CVE-2011-1253
12 Oct 2011 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, v2.0 SP2, v3.5.1, y v4, y Silverlight v4 ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-078 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 21%CPEs: 15EXPL: 0CVE-2011-1977
https://notcve.org/view.php?id=CVE-2011-1977
10 Aug 2011 — The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability." Los controles ASP.NET Chart de Microsoft .NET Framework 4, and Chart Control para Microsoft .NET Framework 3.5 SP1, no verifican apropiadamente funciones en URIs, lo que permite a atacantes re... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 18%CPEs: 27EXPL: 0CVE-2011-1978
https://notcve.org/view.php?id=CVE-2011-1978
10 Aug 2011 — Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5.1 y v4 no valida adecuadamente el nivel de confianza de System.Net.Socke... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-069 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 19%CPEs: 62EXPL: 0CVE-2011-0664
https://notcve.org/view.php?id=CVE-2011-0664
16 Jun 2011 — Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability." El framework Microsoft .NET 2.0 SP1 y SP2... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-039 • CWE-20: Improper Input Validation •