Microsoft .NET Framework vulnerability could allow remote code execution
Report ID: MS201204003
Date Published: 12 April 2012
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft .NET Framework 1.0 SP3
Microsoft .NET Framework 1.1 SP1
Microsoft .NET Framework 2.0 SP2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Summary
A vulnerability in Microsoft .NET Framework could be exploited by an attacker to execute code and take control of an affected system.
Detailed Description
Microsoft has released a security patch for Microsoft .NET Framework to address a remote code execution vulnerability. The vulnerability was caused by improper validation of parameters when passing data to a function. An attacker could take advantage of this vulnerability in order to be able to run code in the context of a logged-on user or the user account of ASP.NET.
To address this issue, the latest released patch introduces correction in the way that .NET Framework validates parameters. Users are recommended to get this patch in order to protect their system from potential exploit attempts.
CVE Reference
CVE-2012-0163
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-025)
