Oval Definition:oval:org.mitre.oval:def:15810
Revision Date:2014-08-18Version:28
Title:Web proxy auto-discovery vulnerability - MS12-074
Description:The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-4776
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Definition Synopsis
  • 2.0 sp2/win xp, server 2003/versions
  • either os
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND Microsoft .NET Framework 2.0 Service Pack 2 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 2.0.50727.3643
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 2.0.50727.5737
  • AND the version of Mscorlib.dll is greater than or equal to 2.0.50727.5600
  • OR 2.0 sp2/vista, server 2008/version
  • either os
  • Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft .NET Framework 2.0 Service Pack 2 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 2.0.50727.4234
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 2.0.50727.5737
  • AND the version of Mscorlib.dll is greater than or equal to 2.0.50727.5600
  • OR 3.5.1/win 7/server 2008 R2/version
  • win 7/server 2008 R2
  • Microsoft Windows 7 is installed
  • OR Microsoft Windows Server 2008 R2 is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 2.0.50727.4984
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 2.0.50727.5737
  • AND the version of Mscorlib.dll is greater than or equal to 2.0.50727.5600
  • OR 3.5.1/win 7/server 2008 R2/version
  • win 7/server 2008 R2
  • Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 2.0.50727.5466
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 2.0.50727.5737
  • AND the version of Mscorlib.dll is greater than or equal to 2.0.50727.5600
  • OR .net 4/veersion
  • either os
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Microsoft .NET Framework 4.0 is installed
  • AND gdr/ldr
  • Check if the version of mscorlib.dll is less than 4.0.30319.296
  • OR ldr range
  • Check if the version of mscorlib.dll is less than 4.0.30319.586
  • AND the version of Mscorlib.dll is greater than or equal to 4.0.30319.400
  • OR .net 4.5/version
  • either os
  • Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Microsoft .NET Framework 4.5 is installed
  • AND gdr/ldr
  • Check if the version of system.dll is less than 4.0.30319.18014
  • OR ldr range
  • Check if the version of system.dll is less than 4.0.30319.19019
  • AND Check if the version of system.dll is greater than or equal 4.0.30319.19000
  • OR windows 8/server 2012/.net 3.5/4.5/versions
  • net 3.5/4.5/version
  • .net 3.5/version
  • Microsoft .NET Framework 3.5 SP1 is installed
  • AND GDR/LDR
  • Check if the version of mscorlib.dll is less than 2.0.50727.6400
  • OR .net 4.5/versions
  • Microsoft .NET Framework 4.5 is installed
  • AND GDR/LDR
  • Check if the version of mscorlib.dll is greater than or equal to 4.0.30319.19000
  • OR Check if the version of mscorlib.dll is less than 4.0.30317.19010
  • AND win 8/server 2012
  • Microsoft Windows 8 is installed
  • OR Microsoft Windows Server 2012 is installed
    • BACK