.NET JIT Compiler Vulnerability Network Vulnerability

Summary

The remote host is affected by the vulnerabilitys described in CVE-2007-0043 Checking if System.web.dll version is less than 2.0.50727.832

Impact

The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an unchecked buffer, probably a buffer overflow, aka .NET JIT Compiler Vulnerability. Checking if System.web.dll version is less than 2.0.50727.832

Solution

All Users should upgrade to the latest version. http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx

Affected

Microsoft .NET Framework 1.1 SP 1 Microsoft .NET Framework 1.0 SP 3 Microsoft .NET Framework 2.0 SP 1/SP 2

References

http://secunia.com/advisories/26003
http://securitytracker.com/alerts/2007/Jul/1018356.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0043
http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0043
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)

Take action and discover your vulnerabilities