Executive Summary

Title Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
Name MS12-038 First vendor Publication 2012-06-12
Vendor Microsoft Last vendor Modification 2012-06-12
Severity (Vendor) Critical Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Revision Note: V1.0 (June 12): Bulletin published.

Summary: This security update resolves one privately reported vulnerability in the Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-038

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14717
Oval ID: oval:org.mitre.oval:def:14717
Title: NET Framework Memory Access Vulnerability (CVE-2012-1855)
Description: Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-1855
Version: 6
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Definition Synopsis:

CPE : Common Platform Enumeration

Application 3

SAINT Exploits

Description Link
Microsoft .NET Framework Memory Access Vulnerability More info here

OpenVAS Exploits

Date Description
2012-06-13 Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
File : nvt/secpod_ms12-038.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows .NET Framework xbap DataObject object pointer attempt
RuleID : 23181 - Revision : 8 - Type : FILE-EXECUTABLE
2014-01-10 Microsoft Windows .NET xbap STGMEDIUM.unionmember arbitrary number overwrite ...
RuleID : 23127 - Revision : 7 - Type : FILE-EXECUTABLE

Nessus® Vulnerability Scanner

Date Description
2012-06-13 Name : The .NET Framework installed on the remote Windows host could allow arbitrary...
File : smb_nt_ms12-038.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-04-27 01:59:08
  • Multiple Updates
2014-02-17 11:47:21
  • Multiple Updates
2014-01-19 21:30:50
  • Multiple Updates
2013-03-07 13:21:01
  • Multiple Updates