This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The version of the .NET Framework installed on the remote host is
affected by multiple vulnerabilities.
The remote Windows host is running a version of Microsoft .NET
Framework that is affected by multiple vulnerabilities :
- The way .NET Framework validates the permissions of
certain objects during reflection is flawed and could
be exploited by an attacker to gain complete control of
an affected system. (CVE-2012-1895)
- An information disclosure vulnerability exists in .NET
due to the improper sanitization of output when a
function is called from partially trusted code may allow
an attacker to obtain confidential information.
- A flaw exists in the way .NET handles DLL files that can
be exploited by an attacker to execute arbitrary code.
- A remote code execution vulnerability exists in the way
the .NET Framework retrieves the default web proxy
- A flaw exists in the way .NET validates permissions for
objects involved with reflection could be exploited by
an attacker to gain complete control of an affected
See also :
Microsoft has released a set of patches for the .NET Framework on
Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true