CVE-2012-0163

high

Description

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15495

https://exchange.xforce.ibmcloud.com/vulnerabilities/74377

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-025

http://www.us-cert.gov/cas/techalerts/TA12-101A.html

http://www.securitytracker.com/id?1026907

Details

Source: Mitre, NVD

Published: 2012-04-10

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High