Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft .NET Framework vulnerabilities could allow remote code execution


Report ID: MS201211004
Date Published: 14 November 2012

Criticality: Critical
Compromise Type: remote-code-execution privilege-escalation information-disclosure
Compromise From: remote


Affected Product/Component:

Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5




Summary

Five vulnerabilities reported found in Microsoft .NET Framework could lead to several compromising situations, including remote code execution, escalation of privilege, and information disclosure.



Detailed Description

Microsoft has released a security update to address five vulnerabilities in .NET Framework. Two of the most severe vulnerabilities could allow an attacker to execute arbitrary code and take control of an affected system, while the others could lead to escalation of privilege or information of disclosure.

These issues have been resolved through the latest security update. Users are recommended to install this update to protect their system from potential exploit attempts.



CVE Reference

CVE-2012-1895, CVE-2012-1896, CVE-2012-2519, CVE-2012-4776, CVE-2012-4777



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-074)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.