Microsoft .NET Framework Remote Code Execution Vulnerability (2706726) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-038.

Impact

Successful exploitation could allow an attacker to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-038

Insight

The flaw is due to an error within the framework when handling pointers and can be exploited to corrupt memory via a specially crafted web page.

Affected

Microsoft .NET Framework 4 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 2.0 Service Pack 2

References

http://secunia.com/advisories/49418
http://support.microsoft.com/kb/2706726
http://technet.microsoft.com/en-us/security/bulletin/ms12-038
http://www.securitytracker.com/id/1027149

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1855
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (969897)
IE 5.01 5.5 6.0 Cumulative patch (890923)
Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)

Take action and discover your vulnerabilities