Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-028.
Impact
Successful exploitation could allow remote attackers to crash an affected system or execute arbitrary code by tricking a user into visiting a specially crafted web page.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-028
Insight
The flaw is caused by a stack corruption error in the x86 JIT compiler within the .NET Framework when compiling certain types of function calls, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
References
Severity
Classification
-
CVE CVE-2010-3958 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Groove Remote Code Execution Vulnerability (2494047)
- .NET JIT Compiler Vulnerability
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
- Microsoft GDI+ Remote Code Execution Vulnerability (2489979)