Oval Definition:oval:org.mitre.oval:def:15520
Revision Date:2014-08-18Version:26
Title:.NET Framework Insecure Library Loading Vulnerability - MS12-074
Description:Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-2519
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Definition Synopsis
  • 1.1 sp1/versions
  • either os
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft .NET Framework 1.1 Service Pack 1 is Installed
  • AND Check if the version of mscorlib.dll is less than 1.1.4322.2500
  • OR 2.0 sp2/win xp, server 2003/versions
  • either os
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND Microsoft .NET Framework 2.0 Service Pack 2 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 2.0.50727.3643
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 2.0.50727.5737
  • AND the version of Mscorlib.dll is greater than or equal to 2.0.50727.5600
  • OR 2.0 sp2/vista, server 2008/version
  • either os
  • Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft .NET Framework 2.0 Service Pack 2 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 2.0.50727.4234
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 2.0.50727.5737
  • AND the version of Mscorlib.dll is greater than or equal to 2.0.50727.5600
  • OR 3.5.1/win 7/server 2008 R2/version
  • win 7/server 2008 R2
  • Microsoft Windows 7 is installed
  • OR Microsoft Windows Server 2008 R2 is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 2.0.50727.4984
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 2.0.50727.5737
  • AND the version of Mscorlib.dll is greater than or equal to 2.0.50727.5600
  • OR 3.5.1/win 7/server 2008 R2/version
  • win 7/server 2008 R2
  • Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 2.0.50727.5466
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 2.0.50727.5737
  • AND the version of Mscorlib.dll is greater than or equal to 2.0.50727.5600
  • OR .net 4/version
  • either os
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Microsoft .NET Framework 4.0 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 4.0.30319.296
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 4.0.30319.586
  • AND the version of Mscorlib.dll is greater than or equal to 4.0.30319.400
  • OR windows 8/server 2012/.net 3.5/versions
  • Microsoft .NET Framework 3.5 SP1 is installed
  • AND GDR/LDR
  • Check if the version of mscorlib.dll is less than 2.0.50727.6400
  • OR LDR range
  • Check if the version of mscorlib.dll is greater than or equal to 2.0.50727.7000
  • AND Check if the version of mscorlib.dll is less than 2.0.50727.7004
  • AND win 8/server 2012
  • Microsoft Windows 8 is installed
  • OR Microsoft Windows Server 2012 is installed
    • BACK