Executive Summary

Information
Name: CVE-2012-4777
First vendor Publication: 2012-11-13
Vendor: Cve
Last vendor Modification: 2023-12-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4777

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:15960
Title: WPF reflection optimization vulnerability - MS12-074
Description: The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."
Family: windows
Class: vulnerability
Reference(s): CVE-2012-4777
Version: 7
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.0
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 2

OpenVAS Exploits

Date Description
2012-11-14 Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
File : nvt/secpod_ms12-074.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-11-15 IAVM : 2012-A-0184 - Multiple Remote Code Execution Vulnerabilities in Microsoft .NET Framework
Severity : Category I - VMSKEY : V0034955

Snort® IPS/IDS

Date Description
2015-08-11 Microsoft proxy autoconfig script system library import attempt
RuleID : 35094 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Microsoft .NET blacklisted method reflection sandbox bypass attempt
RuleID : 24665 - Revision : 6 - Type : FILE-EXECUTABLE
2014-01-10 Microsoft .NET blacklisted method reflection sandbox bypass attempt
RuleID : 24664 - Revision : 5 - Type : FILE-EXECUTABLE
2014-01-10 Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt
RuleID : 24656 - Revision : 2 - Type : OS-WINDOWS
2014-01-10 Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt
RuleID : 24655 - Revision : 2 - Type : OS-WINDOWS
2014-01-10 Microsoft proxy autoconfig script system library import attempt
RuleID : 24652 - Revision : 6 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date Description
2013-07-10 Name : The .NET Framework install on the remote Windows host could allow arbitrary c...
File : smb_nt_ms13-052.nasl - Type : ACT_GATHER_INFO
2012-11-14 Name : The version of the .NET Framework installed on the remote host is affected by...
File : smb_nt_ms12-074.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/56464
CERT http://www.us-cert.gov/cas/techalerts/TA12-318A.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12...
OSVDB http://osvdb.org/87267
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://www.securitytracker.com/id?1027753
SECUNIA http://secunia.com/advisories/51236

Alert History

Date Information
2024-02-02 01:20:36
  • Multiple Updates
2024-02-01 12:06:04
  • Multiple Updates
2023-12-07 21:28:00
  • Multiple Updates
2023-09-05 12:19:28
  • Multiple Updates
2023-09-05 01:05:57
  • Multiple Updates
2023-09-02 12:19:29
  • Multiple Updates
2023-09-02 01:06:03
  • Multiple Updates
2023-08-12 12:23:25
  • Multiple Updates
2023-08-12 01:06:04
  • Multiple Updates
2023-08-11 12:19:36
  • Multiple Updates
2023-08-11 01:06:14
  • Multiple Updates
2023-08-06 12:18:52
  • Multiple Updates
2023-08-06 01:06:04
  • Multiple Updates
2023-08-04 12:18:55
  • Multiple Updates
2023-08-04 01:06:07
  • Multiple Updates
2023-07-14 12:18:54
  • Multiple Updates
2023-07-14 01:06:01
  • Multiple Updates
2023-03-29 01:20:53
  • Multiple Updates
2023-03-28 12:06:09
  • Multiple Updates
2022-10-11 12:16:53
  • Multiple Updates
2022-10-11 01:05:45
  • Multiple Updates
2020-11-24 12:09:12
  • Multiple Updates
2020-09-28 17:22:45
  • Multiple Updates
2020-05-23 00:34:46
  • Multiple Updates
2019-05-09 12:04:50
  • Multiple Updates
2019-02-26 17:19:38
  • Multiple Updates
2018-10-13 05:18:36
  • Multiple Updates
2017-09-19 09:25:31
  • Multiple Updates
2016-06-28 22:04:34
  • Multiple Updates
2016-04-26 22:17:41
  • Multiple Updates
2014-02-17 11:13:36
  • Multiple Updates
2013-11-11 12:40:04
  • Multiple Updates
2013-11-04 21:24:03
  • Multiple Updates
2013-08-27 13:20:09
  • Multiple Updates
2013-08-17 17:20:35
  • Multiple Updates
2013-05-10 22:46:56
  • Multiple Updates
2013-02-26 13:18:52
  • Multiple Updates
2012-11-14 21:20:22
  • Multiple Updates
2012-11-14 17:21:49
  • Multiple Updates
2012-11-14 13:20:58
  • First insertion