CVE-2012-1896 — Sensitive Information Exposure in Microsoft NET Framework

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

48.7%

top 2.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET Framework

Timeline

PublishedNov 14

Latest updateMay 13

Description

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/net_framework2.0, 3.5.1+1

🔴Vulnerability Details

GHSA

GHSA-v48r-73x3-g7m3: Microsoft↗2022-05-13

▶

CVEList

CVE-2012-1896: Microsoft↗2012-11-14

▶