Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft .NET Framework and Silverlight vulnerabilities could allow remote code execution


Report ID: MS201202009
Date Published: 15 February 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft .NET Framework
Microsoft Silverlight 




Summary

Two vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight could each lead to remote code execution.



Detailed Description

Microsoft has issued a security update to address two vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. One vulnerability was caused by improper usage of unmanaged objects, while the other was caused by improper calculation of buffer length when processing input. An attacker might exploit these vulnerabilities in order to execute code and take control of an affected system.

This issues have been resolved in the update by correcting the way unmanaged objects are used and the way buffer lengths are calculated. Users are recommended to get this latest update to protect their system from potential exploit.

 



CVE Reference

CVE-2012-0014
CVE-2012-0015



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-016)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.