SynopsisThe version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities :
- The way .NET Framework validates the permissions of certain objects during reflection is flawed and could be exploited by an attacker to gain complete control of an affected system. (CVE-2012-1895)
- An information disclosure vulnerability exists in .NET due to the improper sanitization of output when a function is called from partially trusted code may allow an attacker to obtain confidential information.
- A flaw exists in the way .NET handles DLL files that can be exploited by an attacker to execute arbitrary code.
- A remote code execution vulnerability exists in the way the .NET Framework retrieves the default web proxy settings. (CVE-2012-4776)
- A flaw exists in the way .NET validates permissions for objects involved with reflection could be exploited by an attacker to gain complete control of an affected system. (CVE-2012-4777)
SolutionMicrosoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.