The host is installed with Microsoft .NET Framework and is prone to security bypass vulnerability This NVT has been replaced by NVT secpod_ms11-044.nasl (OID:1.3.6.1.4.1.25623.1.0.902522).

Successful exploitation could allow context-dependent attackers to bypass intended access restrictions. Impact Level: System/Application

Upgrade to Microsoft .NET Framework version 4 beta 2 or later. For updates refer to http://www.microsoft.com/net/download.aspx

The flaw is due to an error in the JIT compiler, when 'IsJITOptimizerDisabled' is set to false, fails to handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a crafted application.

Microsoft .NET Framework versions before 4 beta 2.

• http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/

---

Updated on 2015-03-25