Vulnerabilities in .NET Framework
Vulnerabilities in .NET Framework could allow remote code execution.
five privately reported vulnerabilities. NET Framework. The most severe of these vulnerabilities could allow remote code execution if an attacker to convince a user of the target system use autotune malicious file a proxy server, and then make a code in the currently running application.
1. System compromise in Microsoft .NET Framework
Danger: High
Patch: Yes
Number of vulnerabilities: 1
Vector of operation: Remote
Impact: System Compromise
Affected Products: Microsoft .NET Framework 2.x, Microsoft. NET Framework 3.x, Microsoft. NET Framework 4.x
Affected versions: Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Server Core installation option
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
An error when receiving web-proxy settings by default. The vulnerability allows a remote user to execute arbitrary code on the target system.
***
2. Privilege Escalation Microsoft. NET Framework
Danger: Low
Patch: Yes
Number of vulnerabilities: 1
Vector of operation: Local
Impact: Privilege escalation
Affected Products: Microsoft. NET Framework 4.x
Affected versions:
Microsoft. NET Framework 4
Microsoft. NET Framework 4.5
Server Core installation option
Description:
Vulnerability allows local users to gain privileges on the target system.
The vulnerability is caused due to improper authentication of objects used in reflection. A local user can gain escalated privileges on the target system.
***
3. Privilege Escalation Microsoft. NET Framework
Danger: Low
Patch: Yes
Number of vulnerabilities: 1
Vector of operation: Local
Impact: Privilege escalation
Affected Products: Microsoft. NET Framework 1.x
Microsoft NET Framework 2.x
Microsoft NET Framework 3.x
Microsoft NET Framework 4.x
Affected versions:
Microsoft NET Framework 1.0
Microsoft NET Framework 2.0
Microsoft NET Framework 3.5.1
Microsoft. NET Framework 4
Server Core installation option
Description:
Vulnerability allows local users to gain privileges on the target system.
The vulnerability is caused due to improper authentication of certain objects, performing reflection. A local user can escalate privileges on the target system.
***
4. Disclosure of sensitive data in Microsoft. NET Framework
Danger: Low
Patch: Yes
Number of vulnerabilities: 1
Vector of operation: Remote
Impact: Disclosure of sensitive data
Affected Products: Microsoft . NET Framework 2.x
Microsoft . NET Framework 3.x
Affected versions:
Microsoft . NET Framework 2.0
Microsoft . NET Framework 3.5.1
Server Core installation option
Description:
Which can be exploited by malicious people to disclose sensitive data on the target system.
The vulnerability is caused due to insufficient processing data output function call through the partially trusted code. This can be exploited to disclose sensitive data on the target system.
***
5. Insecure Library Loading in Microsoft. NET Framework
Danger: High
Patch: Yes
Number of vulnerabilities: 1
Vector of operation: Remote
Impact: System Compromise
Affected Products: Microsoft NET Framework 1.x
Microsoft NET Framework 2.x
Microsoft NET Framework 3.x
Microsoft . NET Framework 4.x
Affected versions:
Microsoft NET Framework 1.x
Microsoft NET Framework 2.0
Microsoft NET Framework 3.5
Microsoft NET Framework 3.5.1
Microsoft NET Framework 4
Server Core installation option
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused due to the application loads libraries insecurely. This can be exploited. DLL file located on a remote WebDAV or SMB share, download and execute arbitrary libraries on the system.
Manufacturer URL: http://www.microsoft.com/
Solution: To resolve the vulnerability patch from the manufacturer.
The majority of customers have automatic updating enabled and will not need to take any action because this security update is downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually.
Links:
http://technet.microsoft.com/security/bulletin/ms12-074
