HTTP: Microsoft .NET Framework Heap Corruption
This signature detects attempts to exploit a known vulnerability in Microsoft's .NET Framework. It is due to an error in calculating a buffer length for percent-encoded URI components of a UTF-8 encoded URI. Remote attackers could exploit this vulnerability by enticing a target user to either download and execute a malicious XAML browser application, or download and execute a malicious .NET application. A successful exploitation attempt could result in the execution of arbitrary code in the security context in which the .NET application runs.
Extended Description
Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
Affected Products
Avaya messaging_application_server,Avaya meeting_exchange
Short Name
HTTP:MS-DOT-NET-HEAP-CORRUPT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
.NET CVE-2012-0015 Corruption Framework Heap Microsoft bid:51940
Release Date
01/09/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
9.3