MS10-060: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The Microsoft .NET Common Language Runtime and/or Microsoft
Silverlight have multiple vulnerabilities.

Description :

The remote Windows host is running a version of the Microsoft .NET
Framework and/or Microsoft Silverlight affected by multiple
vulnerabilities :

- Silverlight improperly handles pointers in an unspecified
manner. A remote attacker could exploit this by tricking
a user into viewing a web page with maliciously crafted
Silverlight content. (CVE-2010-0019)

- An unspecified vulnerability in the .NET Framework can
allow a specially crafted .NET or Silverlight application
to access memory, resulting in arbitrary unmanaged
code execution. (CVE-2010-1898)

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS10-060

Solution :

Microsoft has released a set of patches for .NET Framework 2.0, 3.5,
and Silverlight.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 48297

Bugtraq ID: 42138, 42295

CVE ID: CVE-2010-0019, CVE-2010-1898