Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Microsoft .NET Framework Remote Code Execution Vulnerabilities (931212)

Medium

Synopsis

The remote .NET Framework is vulnerable to code execution attack.

Description

The remote host is running a version of the ASP.NET framework that contains multiple vulnerabilities :

- PE Loader Vulnerability: could allow an attacker to execute arbitrary code with the privilege of the logged-on user;

- ASP.NET NULL Byte Termination Vulnerability: could allow an attacker to retrieve the content of the web server;

- JIT Compiler Vulnerability: could allow an attacker to execute arbitrary code with the privilege of the logged-on user.

Solution

Microsoft has released a set of patches for .NET Framework 1.0, 1.1 and 2.0.