CVE-2012-1855

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, and 4.5

Description The issue allows remote attackers to execute arbitrary code via a crafted XAML browser application or a crafted .NET Framework application. This is due to the improper handling of function pointers. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights.

Recommendations For Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, update to a version that properly handles function pointers to prevent remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.