Search Results (Refine Search)
- CPE Product Version: cpe:/a:microsoft:.net_framework:4.5
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0002 |
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability." Published: January 09, 2013; 1:09:39 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0001 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability." Published: January 09, 2013; 1:09:37 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4777 |
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability." Published: November 13, 2012; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-4776 |
The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability." Published: November 13, 2012; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0163 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." Published: April 10, 2012; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |