Summary
This host is missing an important security update according to Microsoft Bulletin MS11-069.
Impact
Successful exploitation could allow attacker to bypass certain security restrictions or gain knowledge of sensitive information.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-069
Insight
The flaw is due to an error when validating the trust level within the System.Net.Sockets namespace and can be exploited to bypass CAS (Code Access Security) restrictions or disclose information via a specially crafted web page viewed using a browser that supports XBAPs (XAML Browser Applications).
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2
References
Severity
Classification
-
CVE CVE-2011-1978 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft MS00-058 security check
- Microsoft File Handling Component Remote Code Execution Vulnerability (2922229)
- Microsoft Remote Desktop Tampering Vulnerability (2969259)
- Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)
- Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)