Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1271

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2011-1271
Last Modified 12 Aug 2011 12:00:00
Published 10 May 2011 03:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-1271

Summary

The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."

Vulnerable Systems

Application

  • Microsoft .net Framework 2.0

  • Microsoft .net Framework 3.5

  • Microsoft .net Framework 3.5.1

  • Microsoft .net Framework 4.0


References

MS - MS11-044

MISC - http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/

Related Patches

MS11-044 2514842 2518867 2518869 Security Update for .NET Framework 3.5.1 (All Languages) (Rev 2)

MS11-044 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)

MS11-044 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x64 (KB2518864)

MS11-044 2538814 2518870 Security Update for .NET Framework 4.0 (All Languages)

MS11-044 2538814 2518864 2518865 2518866 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 (All Languages) (Rev 3)


Last Updated: 27 May 2016 10:56:14