Contents
- Vital information on this issue
- Scanning For and Finding Vulnerabilities in .NET Framework Allows Code Execution (MS11-028)
- Penetration Testing (Pentest) for this Vulnerability
- Security updates on Vulnerabilities in .NET Framework Allows Code Execution (MS11-028)
- Disclosures related to Vulnerabilities in .NET Framework Allows Code Execution (MS11-028)
- Confirming the Presence of Vulnerabilities in .NET Framework Allows Code Execution (MS11-028)
- False positive/negatives
- Patching/Repairing this vulnerability
- Exploits related to Vulnerabilities in .NET Framework Allows Code Execution (MS11-028)
Vital Information on This Issue
Vulnerabilities in .NET Framework Allows Code Execution (MS11-028) is a high-risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.

Vulnerability Name: | .NET Framework Allows Code Execution (MS11-028) |
---|---|
Test ID: | 13362 |
Risk: | High |
Category: | Policy Checks |
Type: | Attack |
Summary: | The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via a crafted XAML browser application (aka XBAP), a crafted ASP.NET application, or a crafted .NET Framework application, aka “.NET Framework Stack Corruption Vulnerability.” |
Impact: | Successful exploitation could result in remote attackers crashing an affected system or executing arbitrary code by tricking a user into visiting a specially crafted web page. |
Solution: | http://www.microsoft.com/technet/security/bulletin/ms11-028.mspx |
CVE: | CVE-2010-3958 |
More Information: | http://www.cvedetails.com/microsoft-bulletin/ms11-028/ https://technet.microsoft.com/library/security/ms11-028 |
NIST NVD (CVSS): | |
CVSS Score: | 9.3 |
Microsoft Security Bulletin: | (AV:N/AC:M/Au:N/C:C/I:C/A:C) |