Microsoft .NET Framework Insecure Library Loading Vulnerability (CVE-2012-2519)
Schweregrad: : Alto
Identificador(es) CVE: : CVE-2012-2519,MS12-074
Data do informe: 21 julho 2015
Descrição
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1005269
Trend Micro Deep Security DPI Rule Name: 1004373 - Identified Microsoft DLL File Over Network Share
Software infectado e versão:
- microsoft .net_framework 1.0
- microsoft .net_framework 1.1
- microsoft .net_framework 2.0
- microsoft .net_framework 3.5
- microsoft .net_framework 3.5.1
- microsoft .net_framework 4.0