OVAL Reference oval:org.mitre.oval:def:15554

Oval Definition:

oval:org.mitre.oval:def:15554

Revision Date:	2014-08-18	Version:	25
Title:	.NET Framework Serialization Vulnerability (CVE-2012-0160)
Description:	Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2012-0160
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft .NET Framework 1.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4
Definition Synopsis
.NET Framework 1.0 SP3 KB2604042 Microsoft Windows XP (32-bit) is installed AND Media Center is installed AND Microsoft .NET Framework 1.0 (Service Pack 3 or later) is Installed AND System.web.dll version is less than 1.0.3705.6098 OR .NET Framework 1.1 SP1 KB2656353 affected Operating System Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 1.1 Service Pack 1 is Installed AND the version of Mscorlib.dll is less than 1.1.4322.2494 OR .NET Framework 1.1 SP1 (KB2604078) Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft .NET Framework 1.1 Service Pack 1 is Installed AND the version of Mscorlib.dll is less than 1.1.4322.2494 OR .NET Framework 3.0 SP2 (KB2604105) affected Operating System Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft .NET Framework 3.0 SP2 is installed AND GDR or LDR Service branch the version of WindowsBase.dll is less than 3.0.6920.4206 OR LDR the version of WindowsBase.dll is greater than or equal to 3.0.6920.5600 AND the version of WindowsBase.dll is less than 3.0.6920.5738 OR .NET Framework 3.0 SP2 (KB2604110) affected Operating System Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed AND Microsoft .NET Framework 3.0 SP2 is installed AND GDR or LDR Service branch the version of WindowsBase.dll is less than 3.0.6920.4021 OR LDR the version of WindowsBase.dll is greater than or equal to 3.0.6920.5600 AND the version of WindowsBase.dll is less than 3.0.6920.5810 OR .NET Framework 2.0 on XP x86/x64, Server 2003 x86/x64/ia64 (KB2604092) XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft .NET Framework 2.0 Service Pack 2 is installed AND GDR or LDR Service branch the version of System.dll is less than 2.0.50727.3634 OR LDR the version of System.dll is less than 2.0.50727.5710 AND the version of System.dll is greater than or equal to 2.0.50727.5600 OR .NET Framework 2.0 SP2 on Vista x86/x64, Server 2008 x86/x64/ia64 (KB2604094) Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 2.0 Service Pack 2 is installed AND GDR or LDR Service branch the version of System.dll is less than 2.0.50727.4223 OR LDR the version of System.dll is less than 2.0.50727.5710 AND the version of System.dll is greater than or equal to 2.0.50727.5600 OR .NET Framework 3.5 SP1 (KB2604111) affected Operating System Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND GDR or LDR Service branch the version of System.AddIn.dll is less than 3.5.30729.3676 OR LDR the version of System.AddIn.dll is greater than or equal to 3.5.30729.5600 AND the version of System.AddIn.dll is less than 3.5.30729.5766 OR .NET Framework 3.5.1 on Windows 7 x86/x64, Server 2008 r2 x64/ia64 (KB2604114) Windows 7 x86/x64, Server 2008 r2 x64/ia64 Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND GDR or LDR Service branch the version of System.dll is less than 2.0.50727.4971 OR LDR the version of System.dll is less than 2.0.50727.5710 AND the version of System.dll is greater than or equal to 2.0.50727.5600 OR .NET Framework 3.5.1 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 (KB2604115) Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND GDR or LDR Service branch the version of System.dll is less than 2.0.50727.5456 OR LDR the version of System.dll is less than 2.0.50727.5710 AND the version of System.dll is greater than or equal to 2.0.50727.5600 OR .NET Framework 4.0 on Windows XP x86/x64, Server 2003 x86/x64/ia64, Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 r2 x64/ia64 (KB2604121) Windows XP x86/x64, Windows Server 2003 x86/x64/ia64, Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 r2 x64/ia64 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed OR Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft .NET Framework 4.0 is installed AND GDR or LDR Service branch the version of System.dll is less than 4.0.30319.269 OR LDR the version of System.dll is less than 4.0.30319.544 AND the version of System.dll is greater than or equal to 4.0.30319.400

BACK