Threat Encyclopedia



This indicates an attack against a remote Code Execution vulnerability in Microsoft .NET framework.
The vulnerability is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript within the proxy auto-configuration file. This vulnerability could allow remote code execution if an attacker on the network is able to convince the victim to use a malicious proxy auto configuration JavaScript file.

affected-products-logoAffected Products

Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5


System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply patch, available from the web site

CVE References