Summary
This host is missing a critical security update according to Microsoft Bulletin MS12-035.
Impact
Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory at http://technet.microsoft.com/en-us/security/bulletin/ms12-035
Insight
The flaws are due to:
- The .NET Framework does not properly serialize user input, which can be exploited to have untrusted input treated as trusted.
- The .NET Framework does not properly handle exceptions when serializing objects, which can be exploited via partially trusted assemblies.
Affected
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4
References
Severity
Classification
CVE: CVE-2012-0160, CVE-2012-0161
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
- Microsoft DirectAccess Security Advisory (2862152)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
- Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)