Summary
This host is missing an important security update according to Microsoft Bulletin MS11-069.
Impact
Successful exploitation could allow attacker to bypass certain security restrictions or gain knowledge of sensitive information.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-069
Insight
The flaw is due to an error when validating the trust level within the System.Net.Sockets namespace and can be exploited to bypass CAS (Code Access Security) restrictions or disclose information via a specially crafted web page viewed using a browser that supports XBAPs (XAML Browser Applications).
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2
References
Severity
Classification
-
CVE CVE-2011-1978 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Exchange 2000 Exhaust CPU Resources (Q320436)
- Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
- Microsoft SharePoint Server HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
- Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)