Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1253

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-1253
Last Modified 26 Jan 2012 10:58:56
Published 11 Oct 2011 10:52:43
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1253

Summary

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."

Vulnerable Systems

Application

  • Microsoft .net Framework 1.0

  • Microsoft .net Framework 1.1

  • Microsoft .net Framework 2.0

  • Microsoft .net Framework 3.5.1

  • Microsoft .net Framework 4.0

  • Microsoft Silverlight 4.0.60531.0


References

MS - MS11-078

Related Patches

MS11-078 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073)

MS11-078 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x64 (KB2572073)

MS11-078 2572067 Security Update for .NET Framework 1.1 SP1 (All Languages)


Last Updated: 27 May 2016 10:56:14