Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Remote Code Execution Vulnerabilities Found in Microsoft .NET and Silverlight


( Microsoft Security Bulletin MS12-016CVE-2012-0015 )

Summary


A remote code execution vulnerability has been reported in the Microsoft .NET and Silverlight application frameworks. The Check Point IPS Software Blade provides protection at the network by blocking attempts to exploit this issue.

Details


The Microsoft .NET framework is a software framework that runs primarily on Microsoft Windows, which includes a large library of functions and supports several programming languages.

Microsoft Silverlight is an application framework that integrates multimedia, graphics, animations and interactivity into a single runtime environment.

The vulnerability is caused due to an error in the way the .NET and Silverlight frameworks use unmanaged objects. A remote attacker may exploit this issue by enticing a user to open a web page containing a specially crafted XBAP (XAML browser application). Successful exploitation could allow the attacker to take complete control of an affected system.

Affected Products

The following products are affected by this vulnerability:

  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4
  • Microsoft Silverlight 4

Solution

The Check Point IPS Software Blade provides immediate network protection for unpatched systems in the latest IPS update by detecting and blocking attempts to block this vulnerability. For more information, see CPAI-2012-056.

 

Originally Published:

Last Updated: 14-Feb-2012

Legal Notice for Threat Center Advisories