CVE-2012-2519Microsoft NET Framework vulnerability

3 documents3 sources
Severity
7.9HIGHNVD
EPSS
0.7%
top 28.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedNov 14
Latest updateMay 13

Description

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/net_framework6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-j78j-4p5c-28vw: Untrusted search path vulnerability in Entity Framework in ADO2022-05-13
CVEList
CVE-2012-2519: Untrusted search path vulnerability in Entity Framework in ADO2012-11-14
CVE-2012-2519 — Microsoft NET Framework vulnerability | cvebase