NotCVE - vendor:"Microsoft" product:".net Framework" version:"2.0.50727"

Page 9 of 103 results (0.009 seconds)

CVSS: 9.3EPSS: 10%CPEs: 54EXPL: 0

CVE-2013-0004

https://notcve.org/view.php?id=CVE-2013-0004

09 Jan 2013 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability." Microsoft. NET Framework 1.0 Service Pack 3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4 y 4.5 no valida correctamente los permisos de los objetos en memoria, lo que permite ... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 48%CPEs: 38EXPL: 0

CVE-2012-4776

https://notcve.org/view.php?id=CVE-2012-4776

14 Nov 2012 — The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability." La funcionalidad Web Proxy Auto-Discovery (WPAD) de Microsoft .NET Fram... • http://osvdb.org/87266 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 8%CPEs: 39EXPL: 0

CVE-2012-1895

https://notcve.org/view.php?id=CVE-2012-1895

14 Nov 2012 — The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability." La implementación de "reflaction" en Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, v3.5.1, y v4 no refuerza los permisos de objetos de forma adecuada, lo que permite a ... • http://secunia.com/advisories/51236 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 50%CPEs: 15EXPL: 0

CVE-2012-1896

https://notcve.org/view.php?id=CVE-2012-1896

14 Nov 2012 — Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability." Microsoft .NET Framework 2.0 SP2 y v3.5.1 no consideran de forma adecuada los niveles de seguridad durante la construccion de los datos de salida, lo que permite a atacantes ... • http://secunia.com/advisories/51236 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.9EPSS: 0%CPEs: 43EXPL: 0

CVE-2012-2519

https://notcve.org/view.php?id=CVE-2012-2519

14 Nov 2012 — Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." Una vulnerabilidad de ruta de búsqueda no confiable en Entity Framework en ADO.NET en Microsoft .NET Framework v1.0 Service Pack v3. v1.1 SP1, v2.0 SP2... • http://secunia.com/advisories/51236 •

CVSS: 9.3EPSS: 47%CPEs: 33EXPL: 0

CVE-2012-1855 – Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-1855

12 Jun 2012 — Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no maneja adecuadamente los punteros de función, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación nave... • http://www.us-cert.gov/cas/techalerts/TA12-164A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 57%CPEs: 7EXPL: 0

CVE-2012-0160

https://notcve.org/view.php?id=CVE-2012-0160

09 May 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, v2.0 SP2, v3.0 SP2, v3.5 SP1, v3.5.1, y v4 no serializa correctamente datos de entrada, permitiendo a atacantes remotos ejecutar código arb... • http://secunia.com/advisories/49117 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 55%CPEs: 7EXPL: 0

CVE-2012-0161

https://notcve.org/view.php?id=CVE-2012-0161

09 May 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." Microsoft .NET Framework V1.0 SP3, V1.1 SP1, V2.0 SP2, V3.0 SP2, V3.5 SP1, V3.5.1, y v4 no controla correc... • http://secunia.com/advisories/49117 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 55%CPEs: 7EXPL: 1

CVE-2012-0163 – Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)

https://notcve.org/view.php?id=CVE-2012-0163

10 Apr 2012 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4 y 4.5 no valida convenientemente los parámetro de las funciones, lo que per... • https://www.exploit-db.com/exploits/18777 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 48%CPEs: 26EXPL: 0

CVE-2012-0014

https://notcve.org/view.php?id=CVE-2012-0014

14 Feb 2012 — Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." Microsoft .NET Framework v2.0 SP2 y v3.5.1 y v4, y Silverlight v4... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

1...7 8 9 10 11