New Search

Web proxy auto-discovery vulnerability - MS12-074

oval:org.mitre.oval:def:15810

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2 3.5 3.5.1 4 and 4.5 does not validate configuration data that is returned during acquisition of proxy settings which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application aka "Web Proxy Auto-Discovery Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2012
  • Microsoft Windows 8
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 7
Class:
vulnerability
Reference(s):
  • CVE-2012-4776
Product(s):
  • Microsoft .NET Framework 4.5
  • Microsoft .NET Framework 4.0
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 2.0