Summary
This host is missing an important security update according to Microsoft Bulletin MS11-069.
Impact
Successful exploitation could allow attacker to bypass certain security restrictions or gain knowledge of sensitive information.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-069
Insight
The flaw is due to an error when validating the trust level within the System.Net.Sockets namespace and can be exploited to bypass CAS (Code Access Security) restrictions or disclose information via a specially crafted web page viewed using a browser that supports XBAPs (XAML Browser Applications).
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2
References
Severity
Classification
-
CVE CVE-2011-1978 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)
- Microsoft Office Security Feature Bypass Vulnerability (2961033)
- Active Directory Certificate Services Web Enrollment Elevation of Privilege Vulnerability (2518295)
- Microsoft Security Bulletin MS06-056
- ASP.NET MVC Security Feature Bypass Vulnerability (2990942)