CVE-2012-4777
critical
CVSS v3
—
CVSS v2
9.3
VIR risk
9.3
Description
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | not-affected | | |
| windows | - | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microsoft | .net_framework | 4.0 | |
| microsoft | .net_framework | 4.5 | |
References
- http://osvdb.org/87267
- http://secunia.com/advisories/51236
- http://www.securityfocus.com/bid/56464
- http://www.securitytracker.com/id?1027753
- http://www.us-cert.gov/cas/techalerts/TA12-318A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960
- http://osvdb.org/87267
- http://secunia.com/advisories/51236
- http://www.securityfocus.com/bid/56464
- http://www.securitytracker.com/id?1027753
- http://www.us-cert.gov/cas/techalerts/TA12-318A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.