Jump to content

MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)

Featured Replies

Posted
  • FPCH Admin

Severity Rating: Critical

Revision Note: V1.4 (May 11, 2012): Added entry to the update FAQ to announce that KB2656353, offered in this bulletin, also addresses CVE-2012-0160 and CVE-2012-0161, which are documented in MS12-035.

Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.

 

View this security bulletin

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...