TITLE:
Microsoft .NET Framework Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26003

VERIFY ADVISORY:
http://secunia.com/advisories/26003/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Microsoft .NET Framework 1.x
http://secunia.com/product/667/
Microsoft .NET Framework 2.x
http://secunia.com/product/6456/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to disclose potentially sensitive information or compromise a user's system.

1) A boundary error in the PE Loader can be exploited to execute arbitrary code with permissions of the logged-on user when the user is tricked into visiting a malicious web page and performs certain actions.

This vulnerability does not affect the .NET Framework when installed on Windows Vista.

2) An error exists in ASP.NET when processing URLs containing NULL-bytes, which can be exploited to disclose potentially sensitive information by gaining unauthorised access to certain parts of a web site via specially crafted requests.

3) A boundary error in the Just In Time Compiler (JIT) can be exploited to execute arbitrary code with permissions of the logged-on user when the user is tricked into visiting a malicious web page and performs certain actions.

This vulnerability only affects .NET Framework 2.0 and does not affect the .NET Framework when installed on Windows Vista.

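For issue 2, one way to review web server logs for request URLs that carry an encoded NUL byte. This is an added example, not code from Secunia or Microsoft; the simplified log layout (`client method target status`), the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# %uXXXX escapes (accepted by some Microsoft web stacks) are not handled by
# urllib, so expand them before ordinary percent-decoding.
_U_ESCAPE = re.compile(rb"%u([0-9a-fA-F]{4})")


def decode_layers(target: bytes, max_rounds: int = 3) -> bytes:
    """Percent-decode repeatedly so double-encoded forms such as %2500 surface."""
    for _ in range(max_rounds):
        step = _U_ESCAPE.sub(
            lambda m: chr(int(m.group(1), 16)).encode("utf-8", "replace"), target
        )
        step = unquote_to_bytes(step)
        if step == target:  # nothing left to decode
            break
        target = step
    return target


def find_nul_requests(lines):
    """Return (client, raw_target, status) for requests whose URL decodes to a NUL."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # not a request line in the assumed layout
        client, _method, target, status = parts[:4]
        if b"\x00" in decode_layers(target.encode("utf-8", "replace")):
            hits.append((client, target, status))
    return hits


# Constructed sample lines (documentation address range, hypothetical paths).
SAMPLE_LOG = [
    "192.0.2.10 GET /default.aspx 200",
    "192.0.2.77 GET /reports/view.aspx%00 200",
    "192.0.2.77 GET /reports/view.aspx?id=7%2500 404",
    "192.0.2.78 GET /reports/view.aspx%u0000 200",
    "192.0.2.15 GET /search.aspx?q=100%25+cotton 200",
]

if __name__ == "__main__":
    for client, target, status in find_nul_requests(SAMPLE_LOG):
        print(f"NUL byte in URL: client={client} status={status} target={target}")
```

Adapt the field split to the server's actual log format; hits that returned a success status are the ones to review first.
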
SOLUTION:
Apply patches.

-- Microsoft .NET Framework 1.0 --

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition 2005:
http://www.microsoft.com/downloads/details.aspx?FamilyId=829A2C5B-11EC-4ED7-91AB-6961034147BC

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

-- Microsoft .NET Framework 1.1 --

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2495E656-1E0A-4B83-90DA-821E68067A71

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

-- Microsoft .NET Framework 2.0 --

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F3CF-C3C3-45C4-82E3-E11398BC2CD2

Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F3CF-C3C3-45C4-82E3-E11398BC2CD2

ORIGINAL ADVISORY:
MS07-040 (KB931212):
http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx