Microsoft .NET Framework vulnerabilities could allow remote code execution
Report ID: MS201205007
Date Published: 9 May 2012
Compromise Type: remote-code-execution
Compromise From: remote
Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Two vulnerabilities reported found in Microsoft .NET Framework could each lead to remote code execution on an affected system.
Microsoft has released a security update for Microsoft .NET Framework to resolve two reported vulnerabilities. One vulnerability was caused by incorrect treatment of untrusted data as trusted during the serialization process within the .NET Framework. The other one was caused by improper handling of an exception during the object serialization process. Both vulnerability could allow an attacker to execute arbitrary code and take control of the affected system.
These issues have been resolved in the update by correcting the way of handling trusted and untrusted data, and correcting the way of handling object serialization. Users are recommended to install this latest update to protect their system from potential exploit.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-035)