Intrusion PreventionMS.NET.Web.Framework.Proxy.Auto-Discovery.Remote.Code.Execution
Description
This indicates an attack against a remote Code Execution vulnerability in Microsoft .NET framework.
The vulnerability is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript within the proxy auto-configuration file. This vulnerability could allow remote code execution if an attacker on the network is able to convince the victim to use a malicious proxy auto configuration JavaScript file.
Affected Products
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch, available from the web site
http://technet.microsoft.com/en-us/security/bulletin/MS12-074.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-12-22 | 16.984 | Name:MS. NET. Web. Proxy. Auto-Discovery. Remote. Code. Execution:MS. NET. Web. Framework. Proxy. Auto-Discovery. Remote. Code. Execution |
| 2019-11-22 | 15.729 | Name:MS. Dot. Net. Web. Proxy. Auto-Discovery. Remote. Code. Execution:MS. NET. Web. Proxy. Auto-Discovery. Remote. Code. Execution |
| ID | 33864 |
| Created | Nov 14, 2012 |
| Updated | Nov 03, 2021 |
| Risk |
|
| CVE ID | CVE-2012-4776 |
| Exploit Prediction Score | 93.29% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |