9.3

CVE-2012-4777

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Framework Version4.0
   MicrosoftWindows 7 Editionx64
   MicrosoftWindows 7 Editionx86
   MicrosoftWindows 7 Updatesp1 Editionx64
   MicrosoftWindows 7 Updatesp1 Editionx86
   MicrosoftWindows Server 2003 Updatesp2
   MicrosoftWindows Server 2008 Updater2 Editionitanium
   MicrosoftWindows Server 2008 Updater2 Editionx64
   MicrosoftWindows Server 2008 Updatesp2 Editionitanium
   MicrosoftWindows Server 2008 Updatesp2 Editionx64
   MicrosoftWindows Server 2008 Updatesp2 Editionx86
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Xp Updatesp3
   MicrosoftWindows Xp Version- Updatesp2 Editionx64
Microsoft.Net Framework Version4.5
   MicrosoftWindows 7 Editionx86
   MicrosoftWindows 7 Updatesp1 Editionx64
   MicrosoftWindows 8 Version- Update- Editionx64
   MicrosoftWindows 8 Version- Update- Editionx86
   MicrosoftWindows Rt Version-
   MicrosoftWindows Server 2008 Updatesp2 Editionx64
   MicrosoftWindows Server 2008 Updatesp2 Editionx86
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Vista Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.74% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C