Microsoft .NET Framework Insecure Library Loading Vulnerability (CVE-2012-2519)
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2012-2519,MS12-074
Date du conseil: 21 juillet 2015
Description
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1005269
Trend Micro Deep Security DPI Rule Name: 1004373 - Identified Microsoft DLL File Over Network Share
Affected software and version:
- microsoft .net_framework 1.0
- microsoft .net_framework 1.1
- microsoft .net_framework 2.0
- microsoft .net_framework 3.5
- microsoft .net_framework 3.5.1
- microsoft .net_framework 4.0