Vulnerabilities in Microsoft .NET Framework Could Allow Remote Code Execution
(Microsoft Security Bulletin MS12-074, CVE-2012-2519, CVE-2012-4776)
Two critical remote code execution vulnerabilities have been discovered in the .NET application framework that could allow an attacker to take complete control of a targeted machine and execute arbitrary code on it. The Check Point IPS Software Blade provides protection at the network level from these vulnerabilities.
The Microsoft .NET Framework is a software framework that runs primarily on Microsoft Windows. It includes a large library of functions and supports several programming languages.
The first vulnerability is due to .NET's improper loading of DLL files. A remote attacker can exploit this by enticing a user to open a legitimate .NET application built with ADO.NET that is located in the same network directory as a maliciously crafted dynamic link library (DLL) file. The second vulnerability is due to an error in the way .NET retrieves the host system's default web proxy settings. A remote attacker can exploit this issue by enticing a victim to use a malicious proxy auto-configuration file and then inject code into the currently running application. Successful exploitation of either vulnerability could allow an attacker to take complete control of the target system.
Check Point recommends deploying the update described in MS12-074 as soon as is practical. In the meantime, the Check Point IPS Software Blade provides protection for unpatched systems in the latest IPS update by detecting and blocking attempts to exploit these vulnerabilities. For more information about the IPS updates as well as which versions of the .NET Framework are affected, see CPAI-2012-793 and CPAI-2012-804.
Last Updated: 14-Nov-2012