MS09-061: Vulnerabilities in the Microsoft .NET Framework 2.0 SP2 Common Language Runtime Could Allow Remote Code Execution (974378)

medium Nessus Network Monitor Plugin ID 5223

Synopsis

The remote .NET Framework 2.0 SP2 is vulnerable to remote code execution attacks.

Description

The remote host is running a version of the .NET Framework 2.0 SP2 that is potentially affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET Framework application to obtain a managed pointer to stack memory that is no longer used. (CVE-2009-0090)

- A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to bypass a type equality check. (CVE-2009-0091)

- A remote code execution vulnerability exists in the Microsoft .NET Framework that can allow a malicious Microsoft .NET application to modify memory of the attacker's choice. (CVE-2009-2497)

Solution

Apply the patches referenced in Microsoft's security bulletin.

See Also

http://www.microsoft.com/technet/security/bulletin/MS09-061.mspx

Plugin Details

Severity: Medium

ID: 5223

Family: Web Servers

Published: 10/21/2009

Updated: 3/6/2019

Nessus ID: 42117

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Patch Publication Date: 10/13/2009

Vulnerability Publication Date: 10/13/2009

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2009-0090, CVE-2009-0091

BID: 36611, 36617