Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Microsoft .NET Vendors:   Microsoft
Microsoft .NET Parameter Validation Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1026907
SecurityTracker URL:
CVE Reference:   CVE-2012-0163   (Links to External Site)
Updated:  Jun 13 2012
Original Entry Date:  Apr 10 2012
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.1 SP1, 2.0 SP2, 3.5.1, 4
Description:   A vulnerability was reported in Microsoft .NET. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a web site that contains a specially crafted XAML browser application (XBAP) that, when loaded by the target user, will trigger an input validation error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Vitaliy Toropov (VeriSign iDefense Labs) reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has a fix.

A patch matrix is available in the vendor's advisory.

[Editor's note: On June 12, 2012, Microsoft reissued MS12-025 to reoffer the security update. Customers should install the reofferred update, including those who have already successfully installed the original update.]

The Microsoft advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)
Underlying OS Comments:  XP SP3, 2003 SP2, 2008 R2 SP1, Vista SP2, 7 SP1, 2008 SP2; and prior service packs

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC