MS09-061: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The Microsoft .NET Common Language Runtime is affected by multiple
vulnerabilities.

Description :

The remote Windows host is running a version of the Microsoft .NET
Framework that is affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the
Microsoft .NET Framework that could allow a malicious
Microsoft .NET application to obtain a managed pointer
to stack memory that is no longer used. The malicious
Microsoft .NET application could then use this pointer
to modify legitimate values placed at that stack location
later, leading to arbitrary, unmanaged code execution.
Microsoft .NET applications that are not malicious are
not at risk for being compromised because of this
vulnerability.(CVE-2009-0090)

- A remote code execution vulnerability exists in the Microsoft
.NET Framework that could allow a malicious Microsoft .NET
application to bypass a type equality check. The malicious
Microsoft .NET could exploit this vulnerability by casting
an object of one type into another type, leading to arbitrary,
unmanaged code execution. Microsoft .NET applications that
are not malicious are not at risk for being compromised because
of this vulnerability.(CVE-2009-0091)

- A remote code execution vulnerability exists in the Microsoft
.NET Framework that can allow a malicious Microsoft .NET
application or a malicious Silverlight application to modify
memory of the attacker's choice, leading to arbitrary, unmanaged
code execution. Microsoft .NET applications and Silverlight
applications that are not malicious are not at risk for being
compromised because of this vulnerability.(CVE-2009-2497)

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS09-061

Solution :

Microsoft has released a set of patches for .NET Framework 1.1, 2.0
and 3.5.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 42117 ()

Bugtraq ID: 36611
36617
36618

CVE ID: CVE-2009-0090
CVE-2009-0091
CVE-2009-2497