ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA26003] Microsoft .NET Framework Multiple Vulnerabilities



>
> TITLE:
> Microsoft .NET Framework Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA26003
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26003/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Exposure of system information, Exposure of sensitive information,
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft .NET Framework 1.x
> http://secunia.com/product/667/
> Microsoft .NET Framework 2.x
> http://secunia.com/product/6456/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Microsoft .NET Framework,
> which can be exploited by malicious people to disclose potentially
> sensitive information or compromise a user's system.
>
> 1) A boundary error in the PE Loader can be exploited to execute
> arbitrary code with permissions of the logged-on user when the user
> is tricked into visiting a malicious web page and performs certain
> actions.
>
> This vulnerability does not affect the .NET Framework when installed
> on Windows Vista.
>
> 2) An error exists in ASP.NET when processing URLs containing
> NULL-bytes, which can be exploited to disclose potentially sensitive
> information by gaining unauthorised access to certain parts of a web
> site via specially crafted requests.
>
> 3) A boundary error in the Just In Time Compiler (JIT) can be
> exploited to execute arbitrary code with permissions of the logged-on
> user when the user is tricked into visiting a malicious web page and
> performs certain actions.
>
> This vulnerability only affects .NET Framework 2.0 and does not
> affect the .NET Framework when installed on Windows Vista.
>
> SOLUTION:
> Apply patches.
>
> -- Microsoft .NET Framework 1.0 --
>
> Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7A
> FE4-069B-4CE8-976E-9A01345A8603
>
> Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7A
> FE4-069B-4CE8-976E-9A01345A8603
>
> Windows XP Professional x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7A
> FE4-069B-4CE8-976E-9A01345A8603
>
> Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition
> 2005:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=829A2
> C5B-11EC-4ED7-91AB-6961034147BC
>
> Windows Server 2003 SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7A
> FE4-069B-4CE8-976E-9A01345A8603
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems :
> http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7A
> FE4-069B-4CE8-976E-9A01345A8603
>
> Windows Server 2003 x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7A
> FE4-069B-4CE8-976E-9A01345A8603
>
> Windows Vista:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7A
> FE4-069B-4CE8-976E-9A01345A8603
>
> -- Microsoft .NET Framework 1.1 --
>
> Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB
> 2CD-C715-4F05-A01F-0455D2D9EBFB
>
> Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB
> 2CD-C715-4F05-A01F-0455D2D9EBFB
>
> Windows XP Professional x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB
> 2CD-C715-4F05-A01F-0455D2D9EBFB
>
> Windows Server 2003 SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=2495E
> 656-1E0A-4B83-90DA-821E68067A71
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB
> 2CD-C715-4F05-A01F-0455D2D9EBFB
>
> Windows Server 2003 x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB
> 2CD-C715-4F05-A01F-0455D2D9EBFB
>
> Windows Vista:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA3
> 68D-7B82-4583-8537-30351718A4E9
>
> Windows Vista x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA3
> 68D-7B82-4583-8537-30351718A4E9
>
> -- Microsoft .NET Framework 2.0 --
>
> Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CE
> B78-8E1B-4C38-ADFD-E8BC95AE548D
>
> Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CE
> B78-8E1B-4C38-ADFD-E8BC95AE548D
>
> Windows XP Professional x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CE
> B78-8E1B-4C38-ADFD-E8BC95AE548D
>
> Windows Server 2003 SP1/SP2 :
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CE
> B78-8E1B-4C38-ADFD-E8BC95AE548D
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CE
> B78-8E1B-4C38-ADFD-E8BC95AE548D
>
> Windows Server 2003 x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CE
> B78-8E1B-4C38-ADFD-E8BC95AE548D
>
> Windows Vista:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F
> 3CF-C3C3-45C4-82E3-E11398BC2CD2
>
> Windows Vista x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F
> 3CF-C3C3-45C4-82E3-E11398BC2CD2
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits Dinis Cruz, OWASP.
> 2) The vendor credits Paul Craig, Security Assessment.
> 3) The vendor credits Jeroen Frijters, Sumatra.
>
> ORIGINAL ADVISORY:
> MS07-040 (KB931212):
> http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx
>



 




Copyright © Lexa Software, 1996-2009.