Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-044.
Impact
Successful exploitation could allow context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a crafted application.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-044
Insight
The flaw is due to the JIT compiler, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions.
Affected
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 1
References
Severity
Classification
-
CVE CVE-2011-1271 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
- Microsoft .NET Framework Security Bypass Vulnerability (2984625)
- Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)
- Microsoft Remote Desktop Tampering Vulnerability (2969259)
- Microsoft Security Bulletin MS06-033