<< Back
CVE Number Vulnerability Product Severity Date
MS12-038 Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726) Microsoft .NET Critical 13-06-2012

Technical Information

Brief overview of the risk:
The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions.

Detailed Information on the risk:

A remote code execution vulnerability exists in the Microsoft .NET Framework due to the improper execution of a function pointer. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Further information on this exploit is available at : MS12-038

Affected Software

Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4
Microsoft .NET Framework 3.5.1