MS11-078 MS11-078 - Critical : Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930) - Version: 1.3
Version2012-07-10
Severity Rating: Critical
Revision Note: V1.3 (July 10, 2012): Microsoft revised this bulletin to communicate a minor detection change for KB2572073 for Microsoft .NET Framework 2.0 Service Pack 2 to correct an offering issue. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
Max CVSS
9.3
EPSS Score
14.27%
Published
2011-10-12
Updated
2023-12-07