فا

‫ Microsoft .NET Framework / Silverlight Two Vulnerabilities

IRCAD2012021723
ID:IRCAD2012021723
Release Date: 2012-02-14
Criticality level: Highly critical
Software:
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x
Microsoft Silverlight 4.x
 
Description:
Two vulnerabilities have been reported in Microsoft .NET Framework and Microsoft Silverlight, which can be exploited by malicious people to compromise a user's system.
1)    An unspecified error when handling un-managed objects can be exploited via e.g. a specially crafted XAML Browser Application (XBAP).
2)    An error when calculating certain buffer lengths can be exploited to corrupt memory via e.g. a specially crafted XAML Browser Application (XBAP).
Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires a browser that can run a XAML Browser Application (XBAP) or Silverlight application.
 
Solution:
Apply patches.
Windows XP Service Pack 3:
 
Windows XP Professional x64 Edition Service Pack 2:
 
Windows Server 2003 Service Pack 2:
 
Windows Server 2003 x64 Edition Service Pack 2:
 
Windows Server 2003 with SP2 for Itanium-based Systems:
 
Windows Vista Service Pack 2:
 
Windows Vista x64 Edition Service Pack 2:
 
Windows Server 2008 for 32-bit Systems Service Pack 2:
 
Windows Server 2008 for x64-based Systems Service Pack 2:
 
Windows Server 2008 for Itanium-based Systems Service Pack 2:
 
Windows 7 for 32-bit Systems:
 
Windows 7 for 32-bit Systems Service Pack 1:
 
Windows 7 for x64-based Systems:
 
Windows 7 for x64-based Systems Service Pack 1:
 
Windows Server 2008 R2 for x64-based Systems:
 
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
 
Windows Server 2008 R2 for Itanium-based Systems:
 
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
 
Microsoft Silverlight 4 when installed on Mac (KB2668562)
Microsoft Silverlight 4 when installed on all supported releases of Microsoft Windows clients (KB2668562)
Microsoft Silverlight 4 when installed on all supported releases of Microsoft Windows servers (KB2668562)
 
References:
MS12-016 (KB2633870, KB2633873, KB2633874, KB2633879, KB2633880, KB2668562):
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 26 بهمن 1390

امتیاز

امتیاز شما
تعداد امتیازها:0