Critical Vulnerability Discovered in Microsoft .NET Framework and Silverlight
(Microsoft Security Bulletin MS11-078, CVE-2011-1253)
Summary
A vulnerability has been discovered in the Microsoft .NET Framework and Microsoft Silverlight that an attacker can exploit to execute code remotely on a targeted machine. The Check Point IPS Software Blade provides network protection against this issue.
Details
The Microsoft .NET Framework is a software framework that runs primarily on Microsoft Windows. It includes a large library of functions and supports several programming languages.
Microsoft Silverlight is an application framework that integrates multimedia, graphics, animations and interactivity into a single runtime environment.
This vulnerability could allow remote code execution on a client system if a user views a maliciously crafted Web page using a Web browser that can run Silverlight applications. The vulnerability could also allow remote code execution on a server system running Internet Information Services (IIS) if the server allows the processing of ASP.NET pages. This vulnerability could also be used by Windows .NET applications to bypass code access security restrictions.
Affected Products
Consult CPAI-2011-467 to see information on which versions of Internet Explorer are susceptible to specific vulnerabilities.
Solution
The patch described in Microsoft Security Bulletin MS11-078 should be deployed as soon as is practical. In the meantime, the latest IPS update for the Check Point IPS Software Blade provides immediate network protection of unpatched systems against all of these issues by detecting and blocking attempts to exploit this vulnerability. For more information, see CPAI-2011-467.
Originally Published:
Last Updated: 11-Oct-2011