Microsoft .NET Parameter Validation Flaw Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1026907 |
|
SecurityTracker URL: http://securitytracker.com/id/1026907
|
|
CVE Reference:
CVE-2012-0163
(Links to External Site)
|
Updated: Jun 13 2012
|
Original Entry Date: Apr 10 2012
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.1 SP1, 2.0 SP2, 3.5.1, 4
|
Description:
A vulnerability was reported in Microsoft .NET. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a web site that contains a specially crafted XAML browser application (XBAP) that, when loaded by the target user, will trigger an input validation error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Vitaliy Toropov (VeriSign iDefense Labs) reported this vulnerability.
|
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has a fix.
A patch matrix is available in the vendor's advisory.
[Editor's note: On June 12, 2012, Microsoft reissued MS12-025 to reoffer the security update. Customers should install the reofferred update, including those who have already successfully installed the original update.]
The Microsoft advisory is available at:
http://technet.microsoft.com/en-us/security/bulletin/ms12-025
|
Vendor URL: technet.microsoft.com/en-us/security/bulletin/ms12-025 (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
