CVE-2012-0014

Published Feb 14, 2012

Last updated a month ago

CVSS high 7.8

Overview

Description: Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "792B417F-96A0-4E9D-9E79-5D7F982E2225"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CE381783-027E-4B6D-B801-59873E5EA483"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2C3594F-7C2C-4E2D-9BC5-F4F89B7BF4D5"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4FA15D65-7C32-4C7A-9915-746AB3F454EE"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "976EFC05-9B37-4661-AD34-4FFDB5AB48E0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "32C28EC2-8A34-4E30-A76A-86921D7332C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6433FA3A-EC9C-42C5-95B2-80CF5D99574A"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "064FDFCD-8DBA-4E10-9FFB-7415787653BA"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D8B9EAD-2B3F-42D6-85DA-8473BE55EEA6"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8578CAED-BB11-46B9-B3D4-8BE343E887EF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F69C9378-4B0D-4BC4-BEA0-466DAFBF6C88"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B647E12-A0D3-4593-BAB4-4F6277C3CD99"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E77ED71-B518-493E-9A55-B844B3A79803"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D02F225D-3990-4A17-879E-4CC54D98ACCF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.603310.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2C4E2D3-922C-419D-B5D7-F1C8F0A9A501"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:silverlight:4.1.10111:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C98D5A9-1376-407F-89FA-B02A5B0A7B8A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References