CVE-2012-0163
Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4 y 4.5 no valida convenientemente los parámetro de las funciones, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación de navegador XAML modificada (XBAP), (2) una aplicación ASP.NET modificada o (3) una aplicación .NET Framework modificada. También conocida como "vulnerabilidad de validación de parámetros de .NET Framework".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-12-13 CVE Reserved
- 2012-04-10 CVE Published
- 2012-04-24 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1026907 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA12-101A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74377 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15495 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/18777 | 2012-04-24 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-025 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.0 Search vendor "Microsoft" for product ".net Framework" and version "1.0" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 1.1 Search vendor "Microsoft" for product ".net Framework" and version "1.1" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 3.5 Search vendor "Microsoft" for product ".net Framework" and version "3.5" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 3.5.1 Search vendor "Microsoft" for product ".net Framework" and version "3.5.1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5" | - |
Affected
| ||||||