Improper input validation in Microsoft .Net_framework
CVE-2012-0163
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.542 (98.1th percentile) — read the EPSS interpretation.
Affected products
- Microsoft .Net_framework — versions 1.0, 1.1, 2.0
- N/a — versions n/a
Weakness classification (CWE)
References
- MS12-025 (x_refsource_MS, vendor-advisory)
- oval:org.mitre.oval:def:15495 (x_refsource_OVAL, signature, vdb-entry)
- TA12-101A (US Government Resource, x_refsource_CERT, third-party-advisory)
- ms-dotnet-parameter-code-exec(74377) (vdb-entry, x_refsource_XF)
- 1026907 (vdb-entry, x_refsource_SECTRACK)