Vulnerability Name: | CVE-2012-0160 (CCN-74375) | ||||||||
Assigned: | 2011-12-13 | ||||||||
Published: | 2012-05-08 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-20 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2012-0160 Source: CCN Type: SA49117 Microsoft .NET Framework Two Serialization Vulnerabilities Source: SECUNIA Type: Vendor Advisory 49117 Source: CCN Type: Microsoft Security Bulletin MS12-035 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) Source: BID Type: UNKNOWN 53356 Source: CCN Type: BID-53356 Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1027036 Source: CERT Type: US Government Resource TA12-129A Source: MS Type: UNKNOWN MS12-035 Source: XF Type: UNKNOWN ms-dotnet-serialization-code-exec(74375) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:15554 Source: CCN Type: IBM Security Bulletin 1138588 (Cognos Analytics) IBM Cognos Analytics has addressed multiple vulnerabilties Source: CCN Type: IBM Security Bulletin 1142626 (Cognos Business Intelligence) IBM Cognos Business Intelligence has addressed multiple vulnerabilties | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |