This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The version of the .NET Framework installed on the remote host is
affected by multiple vulnerabilities.
The remote Windows host is running a version of Microsoft .NET
Framework that is affected by multiple vulnerabilities :
- The way .NET Framework validates the permissions of
certain objects during reflection is flawed and could
be exploited by an attacker to gain complete control of
an affected system. (CVE-2012-1895)
- An information disclosure vulnerability exists in .NET
due to the improper sanitization of output when a
function is called from partially trusted code may allow
an attacker to obtain confidential information.
- A flaw exists in the way .NET handles DLL files that can
be exploited by an attacker to execute arbitrary code.
- A remote code execution vulnerability exists in the way
the .NET Framework retrieves the default web proxy
- A flaw exists in the way .NET validates permissions for
objects involved with reflection could be exploited by
an attacker to gain complete control of an affected
See also :
Microsoft has released a set of patches for the .NET Framework on
Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 62906 ()
Bugtraq ID: 5645556456564625646356464
CVE ID: CVE-2012-1895CVE-2012-1896CVE-2012-2519CVE-2012-4776CVE-2012-4777
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.