Microsoft .NET Framework vulnerabilities could allow remote code execution
Report ID: MS201205007
Date Published: 9 May 2012
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Summary
Two vulnerabilities reported in Microsoft .NET Framework could each lead to remote code execution on an affected system.
Detailed Description
Microsoft has released a security update for Microsoft .NET Framework to resolve two reported vulnerabilities. One vulnerability is caused by the .NET Framework incorrectly treating untrusted data as trusted during the serialization process. The other is caused by improper handling of an exception during the object serialization process. Both vulnerabilities could allow an attacker to execute arbitrary code and take control of the affected system.
The update resolves these issues by correcting how the .NET Framework handles trusted and untrusted data and how it handles object serialization. Users are recommended to install this latest update to protect their systems from potential exploitation.
CVE Reference
CVE-2012-0160
CVE-2012-0161
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-035




