Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-044.
Impact
Successful exploitation could allow context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a crafted application.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-044
Insight
The flaw is due to the JIT compiler, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions.
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 1
References
Severity
Classification
-
CVE CVE-2011-1271 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft SharePoint Business Productivity Server RCE Vulnerability (2904244)
- Microsoft MS03-034 security check
- Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
- Microsoft Office Security Feature Bypass Vulnerability (3033857)
- Microsoft iSCSI Denial of Service Vulnerabilities (2962485)