Microsoft .NET Framework And Silverlight Remote Code Execution Vulnerability (2604930) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-078.

Impact

Successful exploitation could allow attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-078

Insight

The flaw due to an error when restricting inheritance within classes and can be exploited via a specially crafted web page.

Affected

Microsoft Silverlight 4.0 Microsoft .NET Framework 4.0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1

References

http://secunia.com/advisories/46406
http://securitytracker.com/id/1026161
http://securitytracker.com/id/1026162
http://technet.microsoft.com/en-us/security/bulletin/ms11-078

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1253

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (961260)
Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)

Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)

Take action and discover your vulnerabilities