9.3
CVE-2012-4777
- EPSS 11.74%
- Published 14.11.2012 00:55:01
- Last modified 11.04.2025 00:51:21
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version4.0
Microsoft ≫ Windows 7 Editionx64
Microsoft ≫ Windows 7 Editionx86
Microsoft ≫ Windows 7 Updatesp1 Editionx64
Microsoft ≫ Windows 7 Updatesp1 Editionx86
Microsoft ≫ Windows Server 2003 Updatesp2
Microsoft ≫ Windows Server 2008 Updater2 Editionitanium
Microsoft ≫ Windows Server 2008 Updater2 Editionx64
Microsoft ≫ Windows Server 2008 Updatesp2 Editionitanium
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx86
Microsoft ≫ Windows Vista Updatesp2
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows Xp Version- Updatesp2 Editionx64
Microsoft ≫ Windows 7 Editionx86
Microsoft ≫ Windows 7 Updatesp1 Editionx64
Microsoft ≫ Windows 7 Updatesp1 Editionx86
Microsoft ≫ Windows Server 2003 Updatesp2
Microsoft ≫ Windows Server 2008 Updater2 Editionitanium
Microsoft ≫ Windows Server 2008 Updater2 Editionx64
Microsoft ≫ Windows Server 2008 Updatesp2 Editionitanium
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx86
Microsoft ≫ Windows Vista Updatesp2
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows Xp Version- Updatesp2 Editionx64
Microsoft ≫ .Net Framework Version4.5
Microsoft ≫ Windows 7 Editionx86
Microsoft ≫ Windows 7 Updatesp1 Editionx64
Microsoft ≫ Windows 8 Version- Update- Editionx64
Microsoft ≫ Windows 8 Version- Update- Editionx86
Microsoft ≫ Windows Rt Version-
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx86
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Vista Updatesp2
Microsoft ≫ Windows 7 Updatesp1 Editionx64
Microsoft ≫ Windows 8 Version- Update- Editionx64
Microsoft ≫ Windows 8 Version- Update- Editionx86
Microsoft ≫ Windows Rt Version-
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx86
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Vista Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.74% | 0.935 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|