Microsoft .NET Framework Memory Access Vulnerability

Added: 06/18/2012
CVE: CVE-2012-1855
BID: 53861
OSVDB: 82859


The .NET Framework is a software framework for Microsoft Windows. It includes a large class library that provides user interface, data access, database connectivity, cryptography, web application development, numeric algorithms, and network communications. Programs written for the .NET Framework execute in a software environment known as the Common Language Runtime (CLR), an application virtual machine that provides services such as security, memory management, and exception handling. The class library and the CLR together constitute the .NET Framework.


Microsoft .NET Framework is vulnerable to remote code execution due to a memory corruption flaw because the framework fails to sanitize user-supplied input when handling function pointers. If a remote attacker persuades a user to open a specially crafted web page, the attacker could execute arbitrary code in the context of the vulnerable user.


Apply the patch provided in Microsoft Security Bulletin MS12-038.



This exploit has been tested against Microsoft .NET Framework 4 on Microsoft Windows XP SP3 English (DEP OptIn).

The user must open the exploit file in Internet Explorer 8.



Back to exploit index