CVE-2012-2519
- EPSS 3.22%
- Veröffentlicht 14.11.2012 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:41:37
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated...
CVE-2012-4776
- EPSS 24.76%
- Veröffentlicht 14.11.2012 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:42
The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitra...
CVE-2012-4777
- EPSS 24.76%
- Veröffentlicht 14.11.2012 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:42
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka...
CVE-2012-1855
- EPSS 20.5%
- Veröffentlicht 12.06.2012 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:40:26
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework applica...
CVE-2012-0160
- EPSS 22.89%
- Veröffentlicht 09.05.2012 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:36:48
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted ...
CVE-2012-0161
- EPSS 22.26%
- Veröffentlicht 09.05.2012 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:36:48
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrar...
CVE-2012-0162
- EPSS 21.9%
- Veröffentlicht 09.05.2012 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:36:48
Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Alloc...
- EPSS 17.19%
- Veröffentlicht 09.05.2012 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:36:49
Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Co...
CVE-2012-0163
- EPSS 38.25%
- Veröffentlicht 10.04.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:36:49
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted AS...
CVE-2012-0014
- EPSS 28.17%
- Veröffentlicht 14.02.2012 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:36:29
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser ...