CVSS: 9.3EPSS: 8%CPEs: 39EXPL: 0CVE-2012-1895
https://notcve.org/view.php?id=CVE-2012-1895
14 Nov 2012 — The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability." La implementación de "reflaction" en Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, v3.5.1, y v4 no refuerza los permisos de objetos de forma adecuada, lo que permite a ... • http://secunia.com/advisories/51236 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 50%CPEs: 15EXPL: 0CVE-2012-1896
https://notcve.org/view.php?id=CVE-2012-1896
14 Nov 2012 — Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability." Microsoft .NET Framework 2.0 SP2 y v3.5.1 no consideran de forma adecuada los niveles de seguridad durante la construccion de los datos de salida, lo que permite a atacantes ... • http://secunia.com/advisories/51236 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.9EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2519
https://notcve.org/view.php?id=CVE-2012-2519
14 Nov 2012 — Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." Una vulnerabilidad de ruta de búsqueda no confiable en Entity Framework en ADO.NET en Microsoft .NET Framework v1.0 Service Pack v3. v1.1 SP1, v2.0 SP2... • http://secunia.com/advisories/51236 •
CVSS: 9.3EPSS: 47%CPEs: 33EXPL: 0CVE-2012-1855 – Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1855
12 Jun 2012 — Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no maneja adecuadamente los punteros de función, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación nave... • http://www.us-cert.gov/cas/techalerts/TA12-164A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 57%CPEs: 7EXPL: 0CVE-2012-0160
https://notcve.org/view.php?id=CVE-2012-0160
09 May 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, v2.0 SP2, v3.0 SP2, v3.5 SP1, v3.5.1, y v4 no serializa correctamente datos de entrada, permitiendo a atacantes remotos ejecutar código arb... • http://secunia.com/advisories/49117 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 55%CPEs: 7EXPL: 0CVE-2012-0161
https://notcve.org/view.php?id=CVE-2012-0161
09 May 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." Microsoft .NET Framework V1.0 SP3, V1.1 SP1, V2.0 SP2, V3.0 SP2, V3.5 SP1, V3.5.1, y v4 no controla correc... • http://secunia.com/advisories/49117 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 57%CPEs: 1EXPL: 0CVE-2012-0162 – Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0162
09 May 2012 — Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." Microsoft .NET Framework 4 no asigna correctamente búfers, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación manipulada del explorador XAML (también conocido como XBAP) o (2) una aplicación .NET Fr... • http://www.securityfocus.com/bid/53358 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 19%CPEs: 1EXPL: 0CVE-2012-0164
https://notcve.org/view.php?id=CVE-2012-0164
09 May 2012 — Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." Microsoft .NET Framework 4 no compara correctamente valores de índice, permitiendo a atacantes remotos provocar una denegación de servicio (bloqueo de la aplicación) a través de solicitudes manipuladas a un equipo con Windows Presentatio... • http://www.securityfocus.com/bid/53363 •
CVSS: 9.3EPSS: 55%CPEs: 7EXPL: 1CVE-2012-0163 – Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)
https://notcve.org/view.php?id=CVE-2012-0163
10 Apr 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4 y 4.5 no valida convenientemente los parámetro de las funciones, lo que per... • https://www.exploit-db.com/exploits/18777 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 48%CPEs: 26EXPL: 0CVE-2012-0014
https://notcve.org/view.php?id=CVE-2012-0014
14 Feb 2012 — Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." Microsoft .NET Framework v2.0 SP2 y v3.5.1 y v4, y Silverlight v4... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •