Remote Code Execution Vulnerabilities Found in Microsoft .NET and Silverlight
(Microsoft Security Bulletin MS12-016, CVE-2012-0015)
Summary
A remote code execution vulnerability has been reported in the Microsoft .NET and Silverlight application frameworks. The Check Point IPS Software Blade provides protection at the network level by blocking attempts to exploit this issue.
Details
The Microsoft .NET Framework is a software framework that runs primarily on Microsoft Windows. It includes a large library of functions and supports several programming languages.
Microsoft Silverlight is an application framework that integrates multimedia, graphics, animations and interactivity into a single runtime environment.
The vulnerability is caused by an error in the way the .NET and Silverlight frameworks use unmanaged objects. A remote attacker may exploit this issue by enticing a user to open a web page containing a specially crafted XBAP (XAML browser application). Successful exploitation could allow the attacker to take complete control of an affected system.
Affected Products
The following products are affected by this vulnerability:
- Microsoft .NET Framework 2.0 Service Pack 2
- Microsoft .NET Framework 3.5.1
- Microsoft .NET Framework 4
- Microsoft Silverlight 4
Solution
The Check Point IPS Software Blade provides immediate network protection for unpatched systems in the latest IPS update by detecting and blocking attempts to exploit this vulnerability. For more information, see CPAI-2012-056.
Originally Published:
Last Updated: 14-Feb-2012