CVE ID | CVE-2012-0162 |
CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
Microsoft |
AFFECTED PRODUCTS |
.NET |
VULNERABILITY DETAILS |
The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code. |
ADDITIONAL DETAILS |
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://technet.microsoft.com/en-us/security/bulletin/ms12-034 |
DISCLOSURE TIMELINE |
|
CREDIT | Vitaliy Toropov |