Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft .NET Framework vulnerability could allow remote code execution


Report ID: MS201204003
Date Published: 12 April 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft .NET Framework 1.0 SP3
Microsoft .NET Framework 1.1 SP1
Microsoft .NET Framework 2.0 SP2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4




Summary

A vulnerability in Microsoft .NET Framework could be exploited by an attacker to execute code and take control of an affected system.



Detailed Description

Microsoft has released a security patch for Microsoft .NET Framework to address a remote code execution vulnerability. The vulnerability was caused by improper validation of parameters when passing data to a function. An attacker could take advantage of this vulnerability in order to be able to run code in the context of a logged-on user or the user account of ASP.NET.

To address this issue, the latest released patch introduces correction in the way that .NET Framework validates parameters. Users are recommended to get this patch in order to protect their system from potential exploit attempts.



CVE Reference

CVE-2012-0163



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-025)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.