Microsoft .NET Framework Multiple Vulnerabilities( 14 October 2009 )
RISK: Medium Risk
1. Microsoft .NET Framework Pointer Verification Vulnerability
A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used. The malicious Microsoft .NET application could then use this pointer to modify legitimate values placed at that stack location later, leading to arbitrary unmanaged code execution. Microsoft .NET applications that are not malicious are not at risk for being compromised because of this vulnerability.
2. Microsoft .NET Framework Type Verification Vulnerability
A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to bypass a type equality check. The malicious Microsoft .NET application could exploit this vulnerability by casting an object of one type into another type, leading to arbitrary unmanaged code execution. Microsoft .NET applications that are not malicious are not at risk for being compromised because of this vulnerability.
3. Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability
A remote code execution vulnerability exists in the Microsoft .NET Framework that can allow a malicious Microsoft .NET application or a malicious Silverlight application to modify memory of the attacker's choice, leading to arbitrary unmanaged code execution. Microsoft .NET applications and Silverlight applications that are not malicious are not at risk for being compromised because of this vulnerability.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Microsoft .NET Framework 1.0
- Microsoft .NET Framework 1.1
- Microsoft .NET Framework 2.0
- Microsoft .NET Framework 3.5
- Microsoft Silverlight 2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Windows 2000 Service Pack 4
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297)
- Microsoft .NET Framework 2.0 Service Pack 1 (KB953300)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB974417) - Windows XP Service Pack 2 and Windows XP Service Pack 3
- Microsoft .NET Framework 1.0 Service Pack 3 (KB953295) (Media Center Edition 2005 and Tablet PC Edition 2005 only)
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297)
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 (KB953300)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974417) - Windows XP Professional x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297)
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 (KB953300)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974417) - Windows Server 2003 Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1(KB953298)
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5(KB953300)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1(KB974417) - Windows Server 2003 x64 Edition Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 (KB953300)
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 (KB953300)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974417) - Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 (KB953300)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974417) - Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows Vista
- Microsoft .NET Framework 2.0 (KB974468)
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 (KB974292)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974467) - Windows Vista Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 1 (KB974291)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1(KB974469) - Windows Vista Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 (KB974470) - Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows Vista x64 Edition
- Microsoft .NET Framework 2.0 (KB974468)
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 (KB974292)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974467) - Windows Vista x64 Edition Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 1 (KB974291)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974469) - Windows Vista x64 Edition Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 (KB974470) - Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows Server 2008 for 32-bit Systems
- Microsoft .NET Framework 2.0 Service Pack 1 (KB974291)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1(KB974469) - Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 (KB974470) - Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows Server 2008 for x64-based Systems
- Microsoft .NET Framework 2.0 Service Pack 1 (KB974291)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974469) - Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 (KB974470) - Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows Server 2008 for Itanium-based Systems
- Microsoft .NET Framework 2.0 Service Pack 1 (KB974291)
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB974469) - Windows Server 2008 for Itanium-based Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 (KB974470) - Windows 7 for 32-bit Systems
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows 7 for x64-based Systems
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows Server 2008 R2 for x64-based Systems
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Windows Server 2008 R2 for Itanium-based Systems
- Microsoft .NET Framework 1.1 Service Pack 1 (KB953297) - Microsoft Silverlight 2 when installed on Mac (KB970363)
- Microsoft Silverlight 2 when installed on all releases of Microsoft Windows clients (KB970363)
- Microsoft Silverlight 2 when installed on all releases of Microsoft Windows servers (KB970363)
Vulnerability Identifier
Source
Related Link
Share with