Summary
This host is missing an important security update according to Microsoft Bulletin MS11-069.
Impact
Successful exploitation could allow attacker to bypass certain security restrictions or gain knowledge of sensitive information.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-069
Insight
The flaw is due to an error when validating the trust level within the System.Net.Sockets namespace and can be exploited to bypass CAS (Code Access Security) restrictions or disclose information via a specially crafted web page viewed using a browser that supports XBAPs (XAML Browser Applications).
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2
References
Severity
Classification
-
CVE CVE-2011-1978 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft Office Shared Component Security Bypass Vulnerability (2905238)
- Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
- Microsoft OneNote Information Disclosure Vulnerability (2816264)
- Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
- Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)