Page 28 of 180 results (0.002 seconds)

CVSS: 9.3EPSS: 92%CPEs: 33EXPL: 0

CVE-2012-1855 – Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-1855

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no maneja adecuadamente los punteros de función, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación navegador XAML modificada (también conocida como XBAP) o (2) una aplicación basada en el framework .NET modificada, también conocida como "vulnerabilidad .NET Framework de acceso de memoria". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14717 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 92%CPEs: 7EXPL: 0

CVE-2012-0160

https://notcve.org/view.php?id=CVE-2012-0160

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, v2.0 SP2, v3.0 SP2, v3.5 SP1, v3.5.1, y v4 no serializa correctamente datos de entrada, permitiendo a atacantes remotos ejecutar código arbitrario mediante (1) una aplicación XAML manipulada (también conocido como XBAP) o (2) una aplicación .NET Framework manipulada, también conocido como "Vulnerabilidad .NET Framework Serialization" • http://secunia.com/advisories/49117 http://www.securityfocus.com/bid/53356 http://www.securitytracker.com/id?1027036 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15554 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 92%CPEs: 7EXPL: 0

CVE-2012-0161

https://notcve.org/view.php?id=CVE-2012-0161

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." Microsoft .NET Framework V1.0 SP3, V1.1 SP1, V2.0 SP2, V3.0 SP2, V3.5 SP1, V3.5.1, y v4 no controla correctamente una excepción durante la serialización de datos de entrada, permitiendo a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación manipulada del explorador XAML (también conocido como XBAP) o (2) una aplicación .NET Framework, también conocido como "Vulnerabilidad .NET Framework serialización" • http://secunia.com/advisories/49117 http://www.securityfocus.com/bid/53357 http://www.securitytracker.com/id?1027036 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14951 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 91%CPEs: 1EXPL: 0

CVE-2012-0162 – Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-0162

Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." Microsoft .NET Framework 4 no asigna correctamente búfers, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación manipulada del explorador XAML (también conocido como XBAP) o (2) una aplicación .NET Framework manipulada, también conocido como "Vulnerabilidad .NET Framework Buffer Allocation" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code. • http://www.securityfocus.com/bid/53358 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14655 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

CVE-2012-0164

https://notcve.org/view.php?id=CVE-2012-0164

Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." Microsoft .NET Framework 4 no compara correctamente valores de índice, permitiendo a atacantes remotos provocar una denegación de servicio (bloqueo de la aplicación) a través de solicitudes manipuladas a un equipo con Windows Presentation Foundation (WPF), también conocido como "Vulnerabilidad NET Framework Index Comparison" • http://www.securityfocus.com/bid/53363 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15580 •