Critical Vulnerability Discovered in Microsoft .NET Application Framework
(Microsoft Security Bulletin MS12-038, CVE-2012-1855)
Summary
A critical remote code execution vulnerability has been discovered in the .NET application framework that could allow an attacker to take complete control of a targeted machine and execute arbitrary code on it. The Check Point IPS Software Blade protects systems from this vulnerability by detecting and blocking attempts by users to open maliciously crafted web pages.
Details
The Microsoft .NET Framework is a software framework that runs primarily on Microsoft Windows. It includes a large library of functions and supports several programming languages.
The vulnerability is due to .NET's improper execution of a function pointer. An attacker can exploit it by enticing the user of a targeted system to visit a maliciously crafted web page. Successful exploitation allows the attacker to execute arbitrary code on an affected system in the security context of the logged-on user.
Affected Products
The following products are vulnerable to this issue:
- Microsoft .NET Framework 2.0 Service Pack 2
- Microsoft .NET Framework 3.5.1
- Microsoft .NET Framework 4
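To check whether a host runs one of the versions listed above, the following PowerShell is an added example, not part of the Check Point advisory. It reads the standard .NET Framework setup registry keys and, as an assumption, matches "3.5.1" as version 3.5 at service pack level 1. It reports installed versions only and cannot tell whether the MS12-038 update has been applied.

```powershell
# Added example (not from the advisory): list installed .NET Framework versions
# and mark those that match a product name under "Affected Products".
$ndpRoot = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'

# Registry subkey -> advisory product name and the test that identifies it.
# Assumption: "3.5.1" is matched as 3.5 with service pack level 1.
# v4\Full and v4\Client are the two install profiles of .NET Framework 4.
$checks = @(
    @{ SubKey = 'v2.0.50727'; Name = 'Microsoft .NET Framework 2.0 Service Pack 2'
       Test = { param($p) $p.SP -eq 2 } },
    @{ SubKey = 'v3.5';       Name = 'Microsoft .NET Framework 3.5.1'
       Test = { param($p) $p.SP -eq 1 } },
    @{ SubKey = 'v4\Full';    Name = 'Microsoft .NET Framework 4'
       Test = { param($p) $p.Version -like '4.0.*' } },
    @{ SubKey = 'v4\Client';  Name = 'Microsoft .NET Framework 4'
       Test = { param($p) $p.Version -like '4.0.*' } }
)

function Get-ListedDotNet {
    foreach ($c in $checks) {
        $path = Join-Path $ndpRoot $c.SubKey
        if (-not (Test-Path $path)) { continue }      # version family not present
        $p = Get-ItemProperty -Path $path
        if ($p.Install -ne 1) { continue }            # key exists but not installed

        # Name from the advisory if this install matches, otherwise empty.
        $match = ''
        if (& $c.Test $p) { $match = $c.Name }

        New-Object PSObject -Property @{
            RegistryKey     = $c.SubKey
            Version         = $p.Version
            ServicePack     = $p.SP
            MatchesAdvisory = $match
        }
    }
}

Get-ListedDotNet |
    Select-Object RegistryKey, Version, ServicePack, MatchesAdvisory |
    Format-Table -AutoSize
```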
Solution
Check Point recommends deploying the patch described in MS12-038 when practical. In the meantime, the Check Point IPS Software Blade provides protection for unpatched systems by detecting and blocking attempts by the user to open maliciously crafted web pages that attempt to exploit this vulnerability. For more information, see CPAI-2012-259.
Originally Published:
Last Updated: 12-Jun-2012