CVE-2012-4776

Microsoft .NET Framework <4.5 - XSS

Title source: llm
STIX 2.1

Description

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."

References (7)

Core 7
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15810
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027753
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56463
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/87266
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51236

Scores

EPSS 0.2475
EPSS Percentile 97.6%

Details

CWE
CWE-20
Status published
Products (5)
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.0
microsoft/.net_framework 3.5
microsoft/.net_framework 4.5
Published Nov 14, 2012
Tracked Since Feb 18, 2026