MS09-061: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The Microsoft .NET Common Language Runtime is affected by multiple
vulnerabilities.

Description :

The remote Windows host is running a version of the Microsoft .NET
Framework that is affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the
Microsoft .NET Framework that could allow a malicious
Microsoft .NET application to obtain a managed pointer
to stack memory that is no longer used. The malicious
Microsoft .NET application could then use this pointer
to modify legitimate values placed at that stack
location
later, leading to arbitrary, unmanaged code execution.
Microsoft .NET applications that are not malicious are
not at risk for being compromised because of this
vulnerability.(CVE-2009-0090)

- A remote code execution vulnerability exists in the
Microsoft
.NET Framework that could allow a malicious Microsoft
.NET
application to bypass a type equality check. The
malicious
Microsoft .NET could exploit this vulnerability by
casting
an object of one type into another type, leading to
arbitrary,
unmanaged code execution. Microsoft .NET applications
that
are not malicious are not at risk for being compromised
because
of this vulnerability.(CVE-2009-0091)

- A remote code execution vulnerability exists in the
Microsoft
.NET Framework that can allow a malicious Microsoft .NET
application or a malicious Silverlight application to
modify
memory of the attacker's choice, leading to arbitrary,
unmanaged
code execution. Microsoft .NET applications and
Silverlight
applications that are not malicious are not at risk for
being
compromised because of this
vulnerability.(CVE-2009-2497)

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS09-061

Solution :

Microsoft has released a set of patches for .NET Framework 1.1, 2.0
and 3.5.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 42117 ()

Bugtraq ID: 36611
36617
36618

CVE ID: CVE-2009-0090
CVE-2009-0091
CVE-2009-2497