<<  MS12-034: Combined Security Update For Microsoft Office, Windows, Security Advisory 2695962 – Remote Code Execution Update Rollup For  >>
MS12-035: Vulnerabilities in

MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777). CVE. CVE. Severity. Severity. Exploitability. Exploitability. Comment. Comment. Note. Note. Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. Web-Browsing Scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that is used to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could be used to exploit this vulnerability. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. An attacker would have no way to force users to visit a website. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability. (CVE-2012-0160). An attacker would have no way to force users to visit a website. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability. (CVE-2012-0160). An attacker would have no way to force users to visit a website. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability. (CVE-2012-0160). An attacker would have no way to force users to visit a website. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability. (CVE-2012-0160). CVE-2012-0160. Critical. 1. 1. Remote Code Execution. Cooperatively Disclosed. CVE-2012-0161. Critical. 1. 1. Remote Code Execution. Cooperatively Disclosed. Affected Products. Affected Products. All supported versions of .NET Framework on all supported versions of Windows and Windows Server. All supported versions of .NET Framework on all supported versions of Windows and Windows Server. All supported versions of .NET Framework on all supported versions of Windows and Windows Server. All supported versions of .NET Framework on all supported versions of Windows and Windows Server. Affected Components. Affected Components. .NET Framework. .NET Framework. .NET Framework. .NET Framework. Deployment Priority. Deployment Priority. 2. 2. 2. 2. Main Target. Main Target. Workstations and Servers. Workstations and Servers. Workstations and Servers. Workstations and Servers. Possible Attack Vectors. Possible Attack Vectors. Impact of Attack. Impact of Attack. An attacker successfully exploiting this issue could gain the same user rights as a logged-on user. An attacker successfully exploiting this issue could gain the same user rights as a logged-on user. An attacker successfully exploiting this issue could gain the same user rights as a logged-on user. An attacker successfully exploiting this issue could gain the same user rights as a logged-on user. Mitigating Factors. Mitigating Factors. Additional Information. Additional Information. .NET Framework 4 and .NET Framework 4 Client Profile Affected. .NET Framework 4 and .NET Framework 4 Client Profile Affected. .NET Framework 4 and .NET Framework 4 Client Profile Affected. .NET Framework 4 and .NET Framework 4 Client Profile Affected. Latest Software. Older Versions.

Слайд 14 из презентации «Information About Microsoft May 2012 Security Bulletins»

Размеры: 720 х 540 пикселей, формат: .jpg. Чтобы бесплатно скачать слайд для использования на уроке, щёлкните на изображении правой кнопкой мышки и нажмите «Сохранить изображение как...». Скачать всю презентацию «Information About Microsoft May 2012 Security Bulletins.pptx» можно в zip-архиве размером 473 КБ.

Похожие презентации

краткое содержание других презентаций на тему слайда

«Microsoft программы» - Microsoft word 2003 (окно программы). Современное общество уделяет рекламе много внимания. Microsoft internet explorer (программа-обозреватель web-страниц). Электронная почта – самый распространенный вид сетевой коммуникации. Программы Microsoft Office. Microsoft power point (мастер создания презентаций).

«Курсы Microsoft» - Курс «Учебные проекты с использованием Microsoft Office». Microsoft – Партнерство в образовании. Издательство «БИНОМ. Запись на тренинги. Курс «Персональный компьютер: настройка и техническая поддержка». Программа «Партнерство в образовании»: Учебные курсы Microsoft для средней школы. Курс «Основы программирования на примере Visual Basic.NET».

«Технологии Microsoft» - Программа семинара. Требуется новый уровень осмысления проблемы использования технологий в учебном процессе. Партнеры Программы Microsoft IT Academy. Нам важно ваше мнение! Участники Microsoft IT Academy. Роль Программы «Академия информационных технологий Microsoft» (Microsoft IT Academy). Направления взаимодействия Microsoft с системой образования.

«Портал Microsoft» - Системы с Web-интерфейсом. Сервер приложений. В течение часа после доклада я буду присутствовать на стенде “Спроси эксперта”. Быстрая интеграция приложений. Адаптеры. Портал. Итоги III этапа. Internet Information Services. XMLport. Запрос на предложение. Бизнес-сценарий. Обработка и интеграция. Интуитивно понятный и настраиваемый интерфейс.

«Приложения Microsoft» - Cryptography: криптографические функции. Code access security .NET Framework. Встроенный FxCop. Моделирование угроз. Достижения. Новые средства безопасности в Visual Studio 2005. Damage potential: Какова величина ущерба при использовании уязвимости? Аутентификация в .NET. Типы аутентификации в .NET Framework: Windows Generic Custom.

«Майкрософт Украина» - Открытие офиса майкрософт в украине. Чтение. Взаимосвязь компаний. Помочь людям и компаниям во всем мире полностью реализовать свой потенциал. История развития бизнеса Майкрософт в Украине. Интеграция систем. Представители Майкрософт. Направления работы Майкрософт в Украине: легальные пользователи ПО Майкрософт.

Microsoft

6 презентаций о Microsoft
Урок

Информатика

130 тем