fkie_nvd - fkie_cve-2012-0014

fkie_cve-2012-0014

Vulnerability from fkie_nvd

Published

2012-02-14 22:55

Modified

2025-01-21 19:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

References

URL	Tags
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-045A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13972
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-045A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13972

Impacted products

Vendor	Product	Version
microsoft	.net_framework	2.0
microsoft	.net_framework	3.5.1
microsoft	.net_framework	4.0
microsoft	windows_7	*
microsoft	windows_7	*
microsoft	windows_7	*
microsoft	windows_7	*
microsoft	windows_server_2003	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_vista	*
microsoft	windows_xp	*
microsoft	silverlight	4.0.50524.00
microsoft	silverlight	4.0.50826.0
microsoft	silverlight	4.0.50917.0
microsoft	silverlight	4.0.51204.0
microsoft	silverlight	4.0.60129.0
microsoft	silverlight	4.0.60310.0
microsoft	silverlight	4.0.60531.0
microsoft	silverlight	4.0.60831.0
microsoft	silverlight	4.0.603310.0
microsoft	silverlight	4.1.10111
apple	mac_os_x	*
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792B417F-96A0-4E9D-9E79-5D7F982E2225",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "CE381783-027E-4B6D-B801-59873E5EA483",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*",
              "matchCriteriaId": "A2C3594F-7C2C-4E2D-9BC5-F4F89B7BF4D5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "4FA15D65-7C32-4C7A-9915-746AB3F454EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "976EFC05-9B37-4661-AD34-4FFDB5AB48E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "32C28EC2-8A34-4E30-A76A-86921D7332C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
              "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "6433FA3A-EC9C-42C5-95B2-80CF5D99574A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "064FDFCD-8DBA-4E10-9FFB-7415787653BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8B9EAD-2B3F-42D6-85DA-8473BE55EEA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8578CAED-BB11-46B9-B3D4-8BE343E887EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69C9378-4B0D-4BC4-BEA0-466DAFBF6C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B647E12-A0D3-4593-BAB4-4F6277C3CD99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E77ED71-B518-493E-9A55-B844B3A79803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02F225D-3990-4A17-879E-4CC54D98ACCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.603310.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C4E2D3-922C-419D-B5D7-F1C8F0A9A501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.1.10111:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C98D5A9-1376-407F-89FA-B02A5B0A7B8A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Unmanaged Objects Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft .NET Framework v2.0 SP2 y v3.5.1 y v4, y Silverlight v4 antes de v4.1.10111, no restringe el acceso a la memoria asociada con objetos desatendidos, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s  de (1) una aplicaci\u00f3n modificada de navegador XAML (tambi\u00e9n conocido como XBAP), (2) una aplicaci\u00f3n ASP.NET modificada, o (3) una aplicaci\u00f3n .NET Framework manipulada, tambi\u00e9n conocido como \".NET Framework Unmanaged Objects Vulnerability.\""
    }
  ],
  "id": "CVE-2012-0014",
  "lastModified": "2025-01-21T19:15:09.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2012-02-14T22:55:01.173",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13972"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

cve-2012-0014

Vulnerability from cvelistv5

Published

2012-02-14 22:00