MS11-078: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

high Nessus Plugin ID 56452

Language:

Synopsis

The version of the .NET Framework installed on the remote host allows arbitrary code execution.

Description

The remote Windows host is running a version of the Microsoft .NET Framework or Silverlight 4 that improperly restricts inheritance within classes. A remote attacker could exploit this issue by tricking a user into viewing a specially crafted web page, resulting in arbitrary code execution.

Solution

Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, and 2008 R2.

Plugin Details

Severity: High

ID: 56452

File Name: smb_nt_ms11-078.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows : Microsoft Bulletins

Published: 10/11/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework, cpe:/a:microsoft:silverlight, cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 10/11/2011

Vulnerability Publication Date: 10/11/2011

Reference Information

CVE: CVE-2011-1253

BID: 49999

MSFT: MS11-078

MSKB: 2512827, 2572067, 2572069, 2572073, 2572075, 2572076, 2572077, 2572078

Detections

Analytics