.NET JIT Compiler Vulnerability Network Vulnerability

Summary

The remote host is affected by the vulnerabilitys described in CVE-2007-0043 Checking if System.web.dll version is less than 2.0.50727.832

Impact

The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an unchecked buffer, probably a buffer overflow, aka .NET JIT Compiler Vulnerability. Checking if System.web.dll version is less than 2.0.50727.832

Solution

All Users should upgrade to the latest version. http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx

Affected

Microsoft .NET Framework 1.1 SP 1 Microsoft .NET Framework 1.0 SP 3 Microsoft .NET Framework 2.0 SP 1/SP 2

References

http://secunia.com/advisories/26003
http://securitytracker.com/alerts/2007/Jul/1018356.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0043
http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0043

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)
Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)

Take action and discover your vulnerabilities