Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MS09-061: Vulnerabilities in the Microsoft .NET Framework 1.1 Common Language Runtime Could Allow Remote Code Execution (974378)

Medium

Synopsis

The remote .NET Framework 1.1 is vulnerable to remote code execution attacks.

Description

The remote host is running a version of the .NET Framework 1.1 which is potentially affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET Framework application to obtain a managed pointer to stack memory that is no longer used. (CVE-2009-0090)

- A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to bypass a type equality check. (CVE-2009-0091)

- A remote code execution vulnerability exists in the Microsoft .NET Framework that can allow a malicious Microsoft .NET application to modify memory of the attacker's choice. (CVE-2009-2497)

Solution

Apply the patches referenced in Microsoft's security bulletin.