|MS12-038||Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)||Microsoft .NET||Critical||13-06-2012|
Brief overview of the risk:
The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions.
Detailed Information on the risk:
A remote code execution vulnerability exists in the Microsoft .NET Framework due to the improper execution of a function pointer. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Further information on this exploit is available at : MS12-038
Affected SoftwareMicrosoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4
Microsoft .NET Framework 3.5.1