1. Home
  2. CVE Database
  3. CVE-2012-2519
HIGH · 7.9

CVE-2012-2519

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL...

Vulnerability Description

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."

CVSS Score

7.9

HIGH

AV:A/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
Microsoft.Net Framework1.0
MicrosoftWindows Xp2005
MicrosoftWindows Server 2003All versions
MicrosoftWindows Server 2008All versions
MicrosoftWindows VistaAll versions
MicrosoftWindows 7All versions
MicrosoftWindows 8-
MicrosoftWindows Server 2012-

References

FAQ

What is CVE-2012-2519?

CVE-2012-2519 is a vulnerability with a CVSS score of 7.9 (HIGH). Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL...

How severe is CVE-2012-2519?

CVE-2012-2519 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2519?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows Xp, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.