Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-060.

Impact

Successful exploitation will let remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS10-060

Insight

This flaw is caused by an error in the way the Common Language Runtime (CLR) handles delegates to virtual methods, which could be exploited to execute arbitrary code by tricking a user into visiting a malicious web page containing a specially crafted XBAP (XAML browser application).

Affected

Microsoft .NET Framework 3.5/SP 1 Microsoft .NET Framework 2.0 SP1/SP2

References

http://support.microsoft.com/kb/983583/
http://technet.microsoft.com/en-us/security/bulletin/MS10-060
http://www.vupen.com/english/advisories/2010/2057

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0019, CVE-2010-1898

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
.NET JIT Compiler Vulnerability
Cumulative Security Update for Internet Explorer (969897)
Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)

Take action and discover your vulnerabilities