Multiple vulnerabilities in Microsoft .NET Framework

Posted: November 14, 2012 in Vulnerabilities
Tags: , , , ,

Vulnerability

Vulnerabilities in .NET Framework

Vulnerabilities in .NET Framework could allow remote code execution.

five privately reported vulnerabilities. NET Framework. The most severe of these vulnerabilities could allow remote code execution if an attacker to convince a user of the target system use autotune malicious file a proxy server, and then make a code in the currently running application.

1. System compromise in Microsoft .NET Framework

Danger: High
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: System Compromise

Affected Products: Microsoft .NET Framework 2.x, Microsoft. NET Framework 3.x, Microsoft. NET Framework 4.x

Affected versions: Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Server Core installation option

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

An error when receiving web-proxy settings by default. The vulnerability allows a remote user to execute arbitrary code on the target system.

***

2. Privilege Escalation Microsoft. NET Framework

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Local
Impact: Privilege escalation

Affected Products: Microsoft. NET Framework 4.x

Affected versions:
Microsoft. NET Framework 4
Microsoft. NET Framework 4.5
Server Core installation option

Description:

Vulnerability allows local users to gain privileges on the target system.

The vulnerability is caused due to improper authentication of objects used in reflection. A local user can gain escalated privileges on the target system.

***

3. Privilege Escalation Microsoft. NET Framework

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Local
Impact: Privilege escalation

Affected Products: Microsoft. NET Framework 1.x
Microsoft NET Framework 2.x
Microsoft NET Framework 3.x
Microsoft NET Framework 4.x

Affected versions:
Microsoft NET Framework 1.0
Microsoft NET Framework 2.0
Microsoft NET Framework 3.5.1
Microsoft. NET Framework 4
Server Core installation option

Description:

Vulnerability allows local users to gain privileges on the target system.

The vulnerability is caused due to improper authentication of certain objects, performing reflection. A local user can escalate privileges on the target system.

***

4. Disclosure of sensitive data in Microsoft. NET Framework

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Disclosure of sensitive data

Affected Products: Microsoft . NET Framework 2.x
Microsoft . NET Framework 3.x

Affected versions:
Microsoft . NET Framework 2.0
Microsoft . NET Framework 3.5.1
Server Core installation option

Description:

Which can be exploited by malicious people to disclose sensitive data on the target system.

The vulnerability is caused due to insufficient processing data output function call through the partially trusted code. This can be exploited to disclose sensitive data on the target system.

***

5. Insecure Library Loading in Microsoft. NET Framework

Danger: High
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: System Compromise

Affected Products: Microsoft NET Framework 1.x
Microsoft NET Framework 2.x
Microsoft NET Framework 3.x
Microsoft . NET Framework 4.x

Affected versions:
Microsoft NET Framework 1.x
Microsoft NET Framework 2.0
Microsoft NET Framework 3.5
Microsoft NET Framework 3.5.1
Microsoft NET Framework 4
Server Core installation option

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused due to the application loads libraries insecurely. This can be exploited. DLL file located on a remote WebDAV or SMB share, download and execute arbitrary libraries on the system.

Manufacturer URL: http://www.microsoft.com/

Solution: To resolve the vulnerability patch from the manufacturer.

The majority of customers have automatic updating enabled and will not need to take any action because this security update is downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually.

Links:
http://technet.microsoft.com/security/bulletin/ms12-074

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s