Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-061.
Impact
Remote attackers could execute arbitrary code and compromise the affected system.
Impact Level: System.
Solution
Run Windows Update to install the listed hotfixes, or download and install the hotfixes named in the advisory at the link below.
http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx
Insight
- An unspecified error can be exploited to obtain a managed pointer to stack memory which can be used to overwrite data at that stack location.
- An error in the type equality check can be exploited to cast an object of one type into another type.
- An error when handling interfaces can be exploited by malicious .NET or Silverlight applications to corrupt memory.
Affected
Microsoft .NET Framework 3.5/SP 1
Microsoft .NET Framework 1.1 SP 1
Microsoft .NET Framework 2.0 SP 1/SP 2
References
Severity
Classification
- CVE: CVE-2009-0090, CVE-2009-0091, CVE-2009-2497
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (972260)
- Message Queuing Remote Code Execution Vulnerability (951071)
- Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
- Cumulative Security Update for Internet Explorer (961260)
- Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)