Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft .NET Framework vulnerabilities could allow remote code execution


Report ID: MS201205007
Date Published: 9 May 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4




Summary

Two vulnerabilities reported found in Microsoft .NET Framework could each lead to remote code execution on an affected system.



Detailed Description

Microsoft has released a security update for Microsoft .NET Framework to resolve two reported vulnerabilities. One vulnerability was caused by incorrect treatment of untrusted data as trusted during the serialization process within the .NET Framework. The other one was caused by improper handling of an exception during the object serialization process. Both vulnerability could allow an attacker to execute arbitrary code and take control of the affected system.

These issues have been resolved in the update by correcting the way of handling trusted and untrusted data, and correcting the way of handling object serialization. Users are recommended to install this latest update to protect their system from potential exploit.



CVE Reference

CVE-2012-0160
CVE-2012-0161



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-035)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.