
Test ID: 1.3.6.1.4.1.25623.1.0.902934
Category: Windows : Microsoft Bulletins
Title: Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-074.
Description: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS12-074.

Vulnerability Insight:
- An error within permissions checking of objects that perform reflection can
be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

- A sanitisation error when processing partially trusted code can be exploited to disclose certain data via a
specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

- The Entity Framework component loads certain libraries in an insecure manner, which can be exploited to load
arbitrary libraries by tricking a user into opening certain files located on a remote WebDAV or SMB share.

- A validation error when acquiring proxy settings via the Web Proxy Auto-Discovery (WPAD) can be exploited to
execute JavaScript code with reduced restrictions.

- An error within permissions checking of Windows Presentation Foundation (WPF) objects that perform reflection
can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute arbitrary code
with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

Affected Software/OS:
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, and 4.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-1895
Cert/CC Advisory: TA12-318A
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
Microsoft Security Bulletin: MS12-074
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15924
http://www.securitytracker.com/id?1027753
http://secunia.com/advisories/51236
Common Vulnerability Exposure (CVE) ID: CVE-2012-1896
BugTraq ID: 56456
http://www.securityfocus.com/bid/56456
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15785
Common Vulnerability Exposure (CVE) ID: CVE-2012-2519
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15520
Common Vulnerability Exposure (CVE) ID: CVE-2012-4776
BugTraq ID: 56463
http://www.securityfocus.com/bid/56463
http://osvdb.org/87266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15810
Common Vulnerability Exposure (CVE) ID: CVE-2012-4777
BugTraq ID: 56464
http://www.securityfocus.com/bid/56464
http://osvdb.org/87267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960
Copyright: Copyright (C) 2012 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.