var-201202-0054
Vulnerability from variot

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability.". Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. The platform includes the C# and Visual Basic programming languages, the common language runtime, and an extensive class library. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for February 2012 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities.

II.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

IV. References


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA12-045A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA12-045A Feedback VU#752838" in the subject.


For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


Produced 2012 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

February 14, 2012: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTzqp2T/GkGVXE7GMAQKh6wgAg9gjZ3sCu3eepRZEyFy4PkGhC4A1jzgw 2soH7tPOimgpzlLVbkJ7/RQYylCYixzEa9PbL9v/RzXh/TVVeXrPU97SqmLOAXr7 gtgcapZBGSHBmqYF5BWRnXVRVOQv+JpmdA5AJHO89qQl4okr9VVTCTnQkrAFyzfP 40uf/Nr0DrTRI9dmEjsLTzvOhh0G2HKnBmbpybGaOqoQao67ih/HEOkp6bsCUBwK joX4C3nK9EdMPNK8YAzrHNbM0ANR5DfieGXBsCwNi6/3zZvGB+PKhAu6bikbQrXW iRpyS3IirvDB59KNlmQp3jdaodNHSLOg5JuF7kOdQ1m8qa+DjwSvJQ== =E3Fg -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0054",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.60831.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.60310.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.51204.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.603310.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.60531.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.50826.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.50917.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.50524.00"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.1.10111"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.60129.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4"
      },
      {
        "model": "silverlight",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4.1.10111   4"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x32) sp1 before"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp1 before"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(itanium) sp2"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(itanium) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x86) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(itanium) sp1 before"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(x64) sp1 before"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp2"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp3 sp3"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4"
      },
      {
        "model": "meeting exchange webportal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange web conferencing server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange streaming server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange recording server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange client registration server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "communication server telephony manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10004.0"
      },
      {
        "model": "communication server telephony manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10003.0"
      },
      {
        "model": "callpilot",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "callpilot",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.0.603310.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:4.1.10111:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jeroen Frijters of Sumatra",
    "sources": [
      {
        "db": "BID",
        "id": "51938"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0014",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2012-0014",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-53295",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0014",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-274",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53295",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Unmanaged Objects Vulnerability.\". Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. \nSuccessful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. The platform includes the C# and Visual Basic programming languages, the common language runtime, and an extensive class library. Microsoft has released updates to\n   address these vulnerabilities. \n\n\nI. Description\n\n   The Microsoft Security Bulletin Summary for February 2012 describes\n   multiple vulnerabilities in Microsoft Windows. Microsoft has\n   released updates to address the vulnerabilities. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for February 2012, which\n   describes any known issues related to the updates. Administrators\n   are encouraged to note these issues and test for any potentially\n   adverse effects. In addition, administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). Home users are encouraged to enable\n   automatic updates. \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for February 2012 -\n   \u003chttps://technet.microsoft.com/en-us/security/bulletin/ms12-feb\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n * Microsoft Update - \u003chttps://www.update.microsoft.com/\u003e\n\n * Microsoft Update Overview -\n   \u003chttp://www.microsoft.com/security/updates/mu.aspx\u003e\n\n * Turn Automatic Updating On or Off -\n   \u003chttp://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA12-045A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA12-045A Feedback VU#752838\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2012 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n  February 14, 2012: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTzqp2T/GkGVXE7GMAQKh6wgAg9gjZ3sCu3eepRZEyFy4PkGhC4A1jzgw\n2soH7tPOimgpzlLVbkJ7/RQYylCYixzEa9PbL9v/RzXh/TVVeXrPU97SqmLOAXr7\ngtgcapZBGSHBmqYF5BWRnXVRVOQv+JpmdA5AJHO89qQl4okr9VVTCTnQkrAFyzfP\n40uf/Nr0DrTRI9dmEjsLTzvOhh0G2HKnBmbpybGaOqoQao67ih/HEOkp6bsCUBwK\njoX4C3nK9EdMPNK8YAzrHNbM0ANR5DfieGXBsCwNi6/3zZvGB+PKhAu6bikbQrXW\niRpyS3IirvDB59KNlmQp3jdaodNHSLOg5JuF7kOdQ1m8qa+DjwSvJQ==\n=E3Fg\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "PACKETSTORM",
        "id": "109763"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0014",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA12-045A",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "51938",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-53295",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109763",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "PACKETSTORM",
        "id": "109763"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "id": "VAR-201202-0054",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:59:07.604000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS12-016",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-016"
      },
      {
        "title": "MS12-016",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-016"
      },
      {
        "title": "TA12-045A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-045a.html"
      },
      {
        "title": "Windows6.0-KB2633874-ia64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42658"
      },
      {
        "title": "Windows6.1-KB2633879-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42662"
      },
      {
        "title": "Windows6.1-KB2633873-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42666"
      },
      {
        "title": "NDP20SP2-KB2633880-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42654"
      },
      {
        "title": "NDP40-KB2633870-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42657"
      },
      {
        "title": "Windows6.1-KB2633879-ia64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42661"
      },
      {
        "title": "Windows6.1-KB2633873-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42665"
      },
      {
        "title": "NDP20SP2-KB2633880-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42653"
      },
      {
        "title": "Windows6.0-KB2633874-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42660"
      },
      {
        "title": "Windows6.1-KB2633873-ia64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42664"
      },
      {
        "title": "NDP20SP2-KB2633880-IA64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42652"
      },
      {
        "title": "NDP40-KB2633870-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42656"
      },
      {
        "title": "Windows6.0-KB2633874-x64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42659"
      },
      {
        "title": "Windows6.1-KB2633879-x86",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42663"
      },
      {
        "title": "NDP40-KB2633870-IA64",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42655"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta12-045a.html"
      },
      {
        "trust": 1.7,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13972"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0014"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2012/at120005.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta12-045a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0014"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/silverlight/"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156771"
      },
      {
        "trust": 0.3,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-016"
      },
      {
        "trust": 0.1,
        "url": "http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.update.microsoft.com/\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/en-us/security/bulletin/ms12-feb\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/security/updates/mu.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta12-045a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "PACKETSTORM",
        "id": "109763"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "db": "BID",
        "id": "51938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "db": "PACKETSTORM",
        "id": "109763"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "date": "2012-02-14T00:00:00",
        "db": "BID",
        "id": "51938"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "date": "2012-02-15T00:07:50",
        "db": "PACKETSTORM",
        "id": "109763"
      },
      {
        "date": "2012-02-14T22:55:01.173000",
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53295"
      },
      {
        "date": "2012-02-15T17:40:00",
        "db": "BID",
        "id": "51938"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      },
      {
        "date": "2023-12-07T18:38:56.693000",
        "db": "NVD",
        "id": "CVE-2012-0014"
      },
      {
        "date": "2020-09-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework and  Silverlight Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001443"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-274"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.