Vulnerability Details : CVE-2012-0161
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
Vulnerability category: Input validationExecute code
Products affected by CVE-2012-0161
- cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
Threat overview for CVE-2012-0161
Top countries where our scanners detected CVE-2012-0161
Top open port discovered on systems with this issue
443
IPs affected by CVE-2012-0161 66,213
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-0161!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-0161
96.00%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0161
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-0161
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0161
-
http://www.securitytracker.com/id?1027036
Microsoft .NET Framework Serialization Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
Microsoft Security Bulletin MS12-035 - Critical | Microsoft Docs
-
http://www.us-cert.gov/cas/techalerts/TA12-129A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14951
Repository / Oval Repository
-
http://www.securityfocus.com/bid/53357
Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
Jump to