Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DOT-NET-REFLECTION |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft .NET Framework Reflection Bypass Vulnerability |
Release Date |
2012/11/12 |
Update Number |
2202 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft .NET Framework Reflection Bypass Vulnerability
This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. A successful attack can result in the attacker could take complete control of an affected system.
Extended Description
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
Affected Products
- Microsoft .net_framework 1.0
- Microsoft .net_framework 1.1
- Microsoft .net_framework 2.0
- Microsoft .net_framework 3.5.1
- Microsoft .net_framework 4.0
References
- CVE: CVE-2012-1895