Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft .Net Framework
Опубликовано:15 июня 2011 г.
Источник:
SecurityVulns ID:11731
Тип:библиотека
Уровень опасности:
8/10
Описание:Переполнение индекса массива, выполнение кода через компилятор JIT.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability.")
 CVE-2011-0664 (Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability.")
Файлы:Microsoft Security Bulletin MS11-039 - Critical Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
 Microsoft Security Bulletin MS11-044 - Critical Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород