MS.NET.Framework.Insecure.Library.Loading
Description
This indicates an attack against a remote Code Execution vulnerability in Microsoft .NET Framework.
The vulnerability is caused when Entity Framework, a .NET Framework component, incorrectly restricts the path used for loading external libraries. An attacker could convince a user to open a legitimate file associated with the application built using ADO.NET that is located in the same network directory as a specially crafted dynamic link library file.
Affected Products
Microsoft .NET Framework 1.0 Service Pack 3
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch, available from the web site
http://technet.microsoft.com/en-us/security/bulletin/MS12-074.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-11-22 | 15.729 | Name:MS. Dot. NET. Framework. Insecure. Library. Loading:MS. NET. Framework. Insecure. Library. Loading |