CVE-2012-0014

high

Published 2012-02-14 · Modified 2026-04-29

CVSS v3

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

9.3

VIR risk

7.8

Description

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact

OS	Version	Status
macos		not-affected
windows		not-affected
windows	r2	not-affected

Application impact

Vendor	Product	Versions
microsoft	.net_framework	`2.0`
microsoft	.net_framework	`3.5.1`
microsoft	.net_framework	`4.0`
microsoft	silverlight	`4.0.50524.00`
microsoft	silverlight	`4.0.50826.0`
microsoft	silverlight	`4.0.50917.0`
microsoft	silverlight	`4.0.51204.0`
microsoft	silverlight	`4.0.60129.0`
microsoft	silverlight	`4.0.60310.0`
microsoft	silverlight	`4.0.60531.0`
microsoft	silverlight	`4.0.60831.0`
microsoft	silverlight	`4.0.603310.0`
microsoft	silverlight	`4.1.10111`

References

CWEs

CWE-94

Verify integrity in audit chain (admin only). AS-IS.