Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

added by pwhe23
1/6/2012 8:39:48 AM

4 Kicks, 232 Views

This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.


1/6/2012 11:04:05 AM
It would appear .Net 4 isn't effected, which is good for me.

1/6/2012 12:40:11 PM
Where did you read that? The article says it is for all versions of .NET which includes 4.0.

This security update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows.

1/6/2012 1:58:22 PM
Oops, I misread the addendum relating to .Net 4. I thought it said that he vulnerability didn't effect them. Thanks for pointing it out.