Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-044.
Impact
Successful exploitation could allow context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a crafted application.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-044
Insight
The flaw is due to the JIT compiler, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions.
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 1
References
Severity
Classification
-
CVE CVE-2011-1271 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Flaw in Certificate Enrollment Control (Q323172)
- Microsoft Office nformation Disclosure Vulnerability (957699)
- Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
- Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)
- Microsoft Windows Kernel Denial of Service Vulnerability (2556532)