
Test ID: 1.3.6.1.4.1.25623.1.0.902934
Category: Windows : Microsoft Bulletins
Title: Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-074.
Description: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS12-074.

Vulnerability Insight:
- An error within permissions checking of objects that perform reflection can
be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

- A sanitisation error when processing partially trusted code can be exploited to disclose certain data via a
specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

- The Entity Framework component loads certain libraries in an insecure manner, which can be exploited to load
arbitrary libraries by tricking a user into opening certain files located on a remote WebDAV or SMB share.

- A validation error when acquiring proxy settings via Web Proxy Auto-Discovery (WPAD) can be exploited to
execute JavaScript code with reduced restrictions.

- An error within permissions checking of Windows Presentation Foundation (WPF) objects that perform reflection
can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute arbitrary code
with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

Affected Software/OS:
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, and 4.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-reference: BugTraq ID: 56455
BugTraq ID: 56456
BugTraq ID: 56462
BugTraq ID: 56464
Common Vulnerability Exposure (CVE) ID: CVE-2012-1895
Cert/CC Advisory: TA12-318A
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
Microsoft Security Bulletin: MS12-074
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15924
http://www.securitytracker.com/id?1027753
http://secunia.com/advisories/51236
Common Vulnerability Exposure (CVE) ID: CVE-2012-1896
http://www.securityfocus.com/bid/56456
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15785
Common Vulnerability Exposure (CVE) ID: CVE-2012-2519
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15520
Common Vulnerability Exposure (CVE) ID: CVE-2012-4776
BugTraq ID: 56463
http://www.securityfocus.com/bid/56463
http://osvdb.org/87266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15810
Common Vulnerability Exposure (CVE) ID: CVE-2012-4777
http://www.securityfocus.com/bid/56464
http://osvdb.org/87267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960
Copyright: Copyright (C) 2012 Greenbone Networks GmbH
