CVE-2012-0014

CWE-94 — Code Injection3 documents3 sources

Severity

7.8HIGH

EPSS

52.3%

top 2.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net Framework Microsoft Silverlight

Timeline

PublishedFeb 14

Latest updateMay 4

Description

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/.net_framework2.0, 3.5.1, 4.0+2

▶NVDmicrosoft/silverlight10 versions+9

🔴Vulnerability Details

GHSA

GHSA-25c7-5442-g7pq: Microsoft↗2022-05-04

▶

CVEList

CVE-2012-0014: Microsoft↗2012-02-14

▶