This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The .NET Framework install on the remote Windows host could allow
arbitrary code execution.
The version of the .NET Framework installed on the remote host
reportedly is affected by the following vulnerabilities :
- The .NET Framework and Silverlight do not properly use
unmanaged objects, which could allow a malicious .NET
Framework application to access memory in an unsafe
- The .NET Framework does not properly calculate a buffer
length when processing malicious input, which could
lead to heap corruption. (CVE-2012-0015)
An attacker may be able to leverage these vulnerabilities to execute
arbitrary code on the affected system if a user on it can be tricked
into viewing a specially crafted web page using a web browser that can
run XAML Browser Applications (XBAPs) or Silverlight applications.
See also :
Microsoft has released a set of patches for .NET Framework 2.0, 3.5.1,
and 4 as well as Silverlight 4.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true