Executive Summary

TitleVulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
NameMS11-078First vendor Publication2011-10-11
VendorMicrosoftLast vendor Modification2012-07-10
Severity (Vendor) CriticalRevision1.3

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


Revision Note: V1.3 (July 10, 2012): Microsoft revised this bulletin to communicate a minor detection change for KB2572073 for Microsoft .NET Framework 2.0 Service Pack 2 to correct an offering issue. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.

Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-078

CWE : Common Weakness Enumeration

100 %CWE-264Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13069
Oval ID: oval:org.mitre.oval:def:13069
Title: .NET Framework Class Inheritance Vulnerability
Description: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1253
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft Silverlight 4
Definition Synopsis:

CPE : Common Platform Enumeration


OpenVAS Exploits

2011-10-12Name : Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability ...
File : nvt/secpod_ms11-078.nasl

Open Source Vulnerability Database (OSVDB)

76214Microsoft .NET Framework / Silverlight Class Inheritance Restriction Web Page...

Snort® IPS/IDS

2014-01-10Microsoft Silverlight inheritance restriction bypass
RuleID : 25035 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10Microsoft Silverlight inheritance restriction bypass
RuleID : 20255 - Revision : 12 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

2012-11-14Name : The version of the .NET Framework installed on the remote host is affected by...
File : smb_nt_ms12-074.nasl - Type : ACT_GATHER_INFO
2012-02-22Name : A multimedia application framework installed on the remote Mac OS X host is a...
File : macosx_ms11-039.nasl - Type : ACT_GATHER_INFO
2012-02-22Name : A multimedia application framework installed on the remote Mac OS X host is a...
File : macosx_ms11-078.nasl - Type : ACT_GATHER_INFO
2011-10-11Name : The version of the .NET Framework installed on the remote host allows arbitra...
File : smb_nt_ms11-078.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
2016-04-26 23:04:47
  • Multiple Updates
2014-02-17 11:47:07
  • Multiple Updates
2014-01-19 21:30:44
  • Multiple Updates
2013-05-11 00:49:53
  • Multiple Updates