The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
| Link | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-318A.html | third party advisory us government resource |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074 | vendor advisory |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960 | signature vdb entry |
| http://osvdb.org/87267 | vdb entry |
| http://www.securityfocus.com/bid/56464 | vdb entry |
| http://secunia.com/advisories/51236 | third party advisory |
| http://www.securitytracker.com/id?1027753 | vdb entry |