icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MS09-061: Vulnerabilities in the Microsoft .NET Framework 2.0 SP2 Common Language Runtime Could Allow Remote Code Execution (974378)

Medium

Synopsis

The remote .NET Framework 2.0 SP2 is vulnerable to remote code execution attacks.

Description

The remote host is running a version of the .NET Framework 2.0 SP2 which is potentially affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET Framework application to obtain a managed pointer to stack memory that is no longer used. (CVE-2009-0090)

- A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to bypass a type equality check. (CVE-2009-0091)

- A remote code execution vulnerability exists in the Microsoft .NET Framework that can allow a malicious Microsoft .NET application to modify memory of the attacker's choice. (CVE-2009-2497)

Solution

Apply the patches referenced in Microsoft's security bulletin.