CVE-2012-1896

Microsoft .NET Framework 2.0 SP2 and 3.5.1 - Information Disclosure via Trust Level Mismanagement

Title source: llm
STIX 2.1

Description

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56456
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15785
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51236
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027753

Scores

EPSS 0.2367
EPSS Percentile 97.5%

Details

CWE
CWE-200
Status published
Products (2)
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5.1
Published Nov 14, 2012
Tracked Since Feb 18, 2026