PT-2012-2240 · Microsoft · Silverlight+1

Jeroen Frijters · Published 2012-02-14 · Updated 2025-01-21 · CVE-2012-0014

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 2.0 SP2, 3.5.1, and 4
Silverlight versions 4 through 4.1.10110

Description

A remote code execution issue exists due to improper restriction of access to memory associated with unmanaged objects. This allows remote attackers to execute arbitrary code via crafted applications, including XAML browser applications, ASP.NET applications, .NET Framework applications, or Silverlight applications. An attacker who successfully exploits this issue could run arbitrary code in the security context of the logged-on user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations

For Microsoft .NET Framework versions 2.0 SP2, 3.5.1, and 4, update to a version that includes the fix for this issue. For Silverlight versions 4 through 4.1.10110, update to version 4.1.10111 or later. As a temporary workaround, consider restricting access to crafted applications that could exploit this issue until a patch is available.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2012-0014

Affected Products

.Net Framework
Silverlight