Microsoft .NET Framework and Silverlight vulnerabilities could allow remote code execution
Report ID: MS201202009
Date Published: 15 February 2012
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft .NET Framework
Microsoft Silverlight
Summary
Two vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight could each lead to remote code execution.
Detailed Description
Microsoft has issued a security update to address two vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. One vulnerability was caused by improper usage of unmanaged objects, while the other was caused by improper calculation of buffer length when processing input. An attacker might exploit these vulnerabilities in order to execute code and take control of an affected system.
This issues have been resolved in the update by correcting the way unmanaged objects are used and the way buffer lengths are calculated. Users are recommended to get this latest update to protect their system from potential exploit.
CVE Reference
CVE-2012-0014
CVE-2012-0015
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-016)
