CVE-2012-0014

Published: Feb 14, 2012Modified: Apr 29, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

Affected (13)

Products: Microsoft: .net Framework, Silverlight

Microsoft

2 products

.net Framework

Silverlight

Configuration A

3 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Microsoft .net Framework	Version 2.0 sp2
Microsoft .net Framework	Version 3.5.1
Microsoft .net Framework	Version 4.0

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Configuration B

10 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Silverlight	Version 4.0.50524.00
Microsoft Silverlight	Version 4.0.50826.0
Microsoft Silverlight	Version 4.0.50917.0
Microsoft Silverlight	Version 4.0.51204.0
Microsoft Silverlight	Version 4.0.60129.0
Microsoft Silverlight	Version 4.0.60310.0
Microsoft Silverlight	Version 4.0.603310.0
Microsoft Silverlight	Version 4.0.60531.0
Microsoft Silverlight	Version 4.0.60831.0
Microsoft Silverlight	Version 4.1.10111