Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-028.
Impact
Successful exploitation could allow remote attackers to crash an affected system or execute arbitrary code by tricking a user into visiting a specially crafted web page.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-028
Insight
The flaw is caused by a stack corruption error in the x86 JIT compiler within the .NET Framework when compiling certain types of function calls, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
References
Severity
Classification
-
CVE CVE-2010-3958 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
- Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)
- .NET JIT Compiler Vulnerability
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
- Cumulative Security Update for Internet Explorer (950759)