Summary
This host is missing a critical security update according to Microsoft Bulletin MS12-035.
Impact
Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the following link: http://technet.microsoft.com/en-us/security/bulletin/ms12-035
Insight
The flaws are due to the following errors within the .NET Framework:
- The .NET Framework does not properly serialize user input, which can be exploited to treat untrusted input as trusted.
- The .NET Framework does not properly handle exceptions when serializing objects, which can be exploited via partially trusted assemblies.
Affected
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4
Severity
Classification
- CVE: CVE-2012-0160, CVE-2012-0161
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
- Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
- Microsoft Excel Remote Code Execution Vulnerabilities (968557)