CVE-2012-0014

HIGH

Microsoft .NET Framework and Silverlight - Remote Code Execution via Unmanaged Object Access

Title source: llm

Description

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, do not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

References (3)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-045A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13972

Scores

CVSS v3 7.8
EPSS 0.2817
EPSS Percentile 97.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (13)
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.0
microsoft/silverlight 4.0.50524.00
microsoft/silverlight 4.0.50826.0
microsoft/silverlight 4.0.50917.0
microsoft/silverlight 4.0.51204.0
microsoft/silverlight 4.0.60129.0
microsoft/silverlight 4.0.60310.0
microsoft/silverlight 4.0.60531.0
... and 3 more
Published Feb 14, 2012
Tracked Since Feb 18, 2026