Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:2BA552B3191810DF63A9FE54DF8FE7C2
HistoryJun 18, 2012 - 12:00 a.m.

Microsoft .NET Framework Memory Access Vulnerability

2012-06-1800:00:00
SAINT Corporation
www.saintcorporation.com
25

0.867 High

EPSS

Percentile

98.6%

JSON

Added: 06/18/2012
CVE: CVE-2012-1855
BID: 53861
OSVDB: 82859

Background

The .NET Framework is a software framework for Microsoft Windows. It includes a large class library that provides user interface, data access, database connectivity, cryptography, web application development, numeric algorithms, and network communications. Programs written for the .NET Framework execute in a software environment known as the Common Language Runtime (CLR), an application virtual machine that provides services such as security, memory management, and exception handling. The class library and the CLR together constitute the .NET Framework.

Problem

Microsoft .NET Framework is vulnerable to remote code execution due to a memory corruption flaw because the framework fails to sanitize user-supplied input when handling function pointers. If a remote attacker persuades a user to open a specially crafted web page, the attacker could execute arbitrary code in the context of the vulnerable user.

Resolution

Apply the patch provided in Microsoft Security Bulletin MS12-038.

References

<http://www.cvedetails.com/cve/CVE-2012-1855/&gt;

Limitations

This exploit has been tested against Microsoft .NET Framework 4 on Microsoft Windows XP SP3 English (DEP OptIn).

The user must open the exploit file in Internet Explorer 8.

Platforms

Windows

Related

cve 1
saint 3
checkpoint_advisories 1
securityvulns 2
openvas 2
prion 1
zdi 1
nessus 1
cvelist 1
mskb 1
nvd 1
cve
cve
CVE-2012-1855
2012-06-12 22:55:01
saint
saint
Microsoft .NET Framework Memory Access Vulnerability
2012-06-18 00:00:00
Microsoft .NET Framework Memory Access Vulnerability
2012-06-18 00:00:00
Microsoft .NET Framework Memory Access Vulnerability
2012-06-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft .NET Framework Function Pointer Remote Code Execution (MS12-038; CVE-2012-1855)
2012-06-12 00:00:00
securityvulns
securityvulns
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
2012-08-20 00:00:00
Microsoft Windows multiple security vulnerabilities
2012-08-20 00:00:00
openvas
openvas
Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
2012-06-13 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
2012-06-13 00:00:00
prion
prion
Improper access control
2012-06-12 22:55:00
zdi
zdi
Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
2012-08-17 00:00:00
nessus
nessus
MS12-038: Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
2012-06-13 00:00:00
cvelist
cvelist
CVE-2012-1855
2012-06-12 22:00:00
mskb
mskb
MS12-038: Vulnerability in the .NET Framework could allow remote code execution: June 12, 2012
2012-06-12 00:00:00
nvd
nvd
CVE-2012-1855
2012-06-12 22:55:01

0.867 High

EPSS

Percentile

98.6%

JSON
Related for SAINT:2BA552B3191810DF63A9FE54DF8FE7C2
cve1saint3checkpoint_advisories1securityvulns2openvas2prion1zdi1nessus1cvelist1mskb1nvd1