Microsoft .NET Framework Insecure Library Loading Vulnerability (CVE-2012-2519)
Schweregrad:: Hoch
CVE Kennungen:: CVE-2012-2519,MS12-074
Hinweisdatum: 21 Juli 2015
Beschreibung
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1005269
Trend Micro Deep Security DPI Rule Name: 1004373 - Identified Microsoft DLL File Over Network Share
Betroffene Software und Version:
- microsoft .net_framework 1.0
- microsoft .net_framework 1.1
- microsoft .net_framework 2.0
- microsoft .net_framework 3.5
- microsoft .net_framework 3.5.1
- microsoft .net_framework 4.0