Skip to main content

Microsoft .NET Framework Multiple Vulnerabilities( 14 October 2009 )

Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4877 Views

RISK: Medium Risk

1. Microsoft .NET Framework Pointer Verification Vulnerability

A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used. The malicious Microsoft .NET application could then use this pointer to modify legitimate values placed at that stack location later, leading to arbitrary unmanaged code execution. Microsoft .NET applications that are not malicious are not at risk for being compromised because of this vulnerability.

2. Microsoft .NET Framework Type Verification Vulnerability

A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to bypass a type equality check. The malicious Microsoft .NET application could exploit this vulnerability by casting an object of one type into another type, leading to arbitrary unmanaged code execution. Microsoft .NET applications that are not malicious are not at risk for being compromised because of this vulnerability.

3. Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability

A remote code execution vulnerability exists in the Microsoft .NET Framework that can allow a malicious Microsoft .NET application or a malicious Silverlight application to modify memory of the attacker's choice, leading to arbitrary unmanaged code execution. Microsoft .NET applications and Silverlight applications that are not malicious are not at risk for being compromised because of this vulnerability.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 3.5
  • Microsoft Silverlight 2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link