Microsoft .NET Framework Insecure Library Loading Vulnerability (CVE-2012-2519)
Gravità: : Alto
Identificatori CVE: CVE-2012-2519,MS12-074
Data notifica: 21 luglio 2015
Descrizione
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1005269
Trend Micro Deep Security DPI Rule Name: 1004373 - Identified Microsoft DLL File Over Network Share
Software e versione interessati:
- microsoft .net_framework 1.0
- microsoft .net_framework 1.1
- microsoft .net_framework 2.0
- microsoft .net_framework 3.5
- microsoft .net_framework 3.5.1
- microsoft .net_framework 4.0