MS12-074: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.

Synopsis :

The version of the .NET Framework installed on the remote host is
affected by multiple vulnerabilities.

Description :

The remote Windows host is running a version of Microsoft .NET
Framework that is affected by multiple vulnerabilities :

- The way .NET Framework validates the permissions of
certain objects during reflection is flawed and could
be exploited by an attacker to gain complete control of
an affected system. (CVE-2012-1895)

- An information disclosure vulnerability exists in .NET
due to the improper sanitization of output when a
function is called from partially trusted code may allow
an attacker to obtain confidential information.

- A flaw exists in the way .NET handles DLL files that can
be exploited by an attacker to execute arbitrary code.

- A remote code execution vulnerability exists in the way
the .NET Framework retrieves the default web proxy
settings. (CVE-2012-4776)

- A flaw exists in the way .NET validates permissions for
objects involved with reflection could be exploited by
an attacker to gain complete control of an affected
system. (CVE-2012-4777)

See also :

Solution :

Microsoft has released a set of patches for the .NET Framework on
Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 62906 ()

Bugtraq ID: 56455

CVE ID: CVE-2012-1895

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now