CVE-2012-1896 Details

CVE-2012-1896

Published: 2012-11-14 00:55:00
CVE Author: NIST National Vulnerability Database (NVD)
Summary:

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."

Exploitability Analysis:

This is a vulnerability exploitable with network access which means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access to exploit it. Such a vulnerability is often termed “remotely exploitable”.

Exploitability Complexity:

Specialized access conditions or extenuating circumstances do not exist. The following are examples: The affected product typically requires access to a wide range of systems and users, possibly anonymous an untrusted (e.g., Internet-facing web or mail server). The affected configuration is default or ubiquitous. The attack can be performed manually and requires little skill or additional information gathering. The 'race condition' is a lazy one (i.e., it is technically a race but easily winnable).

Authentication:

Authentication is not required to access and exploit the vulnerability.

Confidentiality Impact:

There is considerable informational disclosure. Access to some system files is possible, but the attacker does not have control over what is obtained, or the scope of the loss is constrained. An example is a vulnerability that divulges only certain tables in a database.

Integrity Impact:

There is no impact to the integrity of the system.

Availability Impact:

There is no impact to the availability of the system.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

CVE-2012-1896

Search
Impact
Medium
CVSS Score
5.0
Exploitable
Remotely Exploitable

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage 138,698 vulnerabilities.