CVE-2012-4777

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."

La funcionalidad de optimización del código en la implementación de reflection en Microsoft .NET Framework v4 y v4.5 no aplica correctamente los permisos de los objetos, lo que permite a atacantes remotos ejecutar código de su elección a través de (1) una aplicación de explorador XAML modificada (también conocida como XBAP) o (2) una aplicación .NET Framework modificada. Se trata de un problema también conocido como "reflexión WPF vulnerabilidad Optimization".

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-09-06 CVE Reserved
2012-11-14 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (7)

URL	Tag	Source
http://osvdb.org/87267	Vdb Entry
http://secunia.com/advisories/51236	Third Party Advisory
http://www.securityfocus.com/bid/56464	Vdb Entry
http://www.securitytracker.com/id?1027753	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA12-318A.html	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074	2023-12-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	x86	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	sp1, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	sp1, x86	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	sp2	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	r2, itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	r2, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	sp2, itanium	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	sp2, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	sp2, x86	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	sp2	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.0 Search vendor "Microsoft" for product ".net Framework" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	x86	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	sp1, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 8 Search vendor "Microsoft" for product "Windows 8"	-	x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 8 Search vendor "Microsoft" for product "Windows 8"	-	x86	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Rt Search vendor "Microsoft" for product "Windows Rt"	-	-	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	sp2, x64	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	sp2, x86	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"	-	-	Safe
Microsoft Search vendor "Microsoft"	.net Framework Search vendor "Microsoft" for product ".net Framework"	4.5 Search vendor "Microsoft" for product ".net Framework" and version "4.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	sp2	Safe