Secunia SmallBusiness
Overview
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading

Secunia Advisory SA46406

Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Secunia Advisory SA46406
Secunia VIM 4.0 - Free Trial
Release Date 2011-10-11
   
Popularity 7,857 views
Comments 12 comments

Criticality level Highly criticalHighly critical
Impact System access
Where From remote
Authentication level This information is available to Secunia VIM customers
   
Report reliability This information is available to Secunia VIM customers
Solution Status Vendor Patch
   
Systems affected This information is available to Secunia VIM customers
Approve distribution This information is available to Secunia VIM customers
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
   
Software:
Microsoft .NET Framework 1.x
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x
Microsoft Silverlight 4.x
Secunia CVSS Score This information is available to Secunia VIM Customers
CVE Reference(s) CVE-2011-1253 CVSS score available to Secunia VIM customers
  

Description

A vulnerability has been reported in Microsoft .NET Framework and Microsoft Silverlight, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when restricting inheritance within classes and can be exploited via a specially crafted web page.

Successful exploitation allows execution of arbitrary code, but requires a browser that can run XAML Browser Applications (XBAPs) or Silverlight applications.


Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
The vendor credits an anonymous person via SecuriTeam Secure Disclosure program.

Original Advisory
MS11-078 (KB2572066, KB2572067, KB2572069, KB2572073, KB2572075, KB2572076, KB2572077, KB2572078, KB2617986):
http://technet.microsoft.com/en-us/security/bulletin/ms11-078

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available to Secunia VIM customers


Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
 
User Message
Spud57 RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Member 6th Dec, 2011 20:15
Score: 0
Posts: 2
User Since: 13th Feb 2009
System Score: N/A
Location: US
Last edited on 6th Dec, 2011 20:15		 PSI 2.0 has just begun (12-6-2011) reporting KB2539636 as not installed on my system (Win XP SP3) and as an issue for .NET Framework 2.x and for .NET Framework 3.x. However, it is installed as an update to .NET Framework 4.0 and is shown as such iis the Add or Remove Programs list. Is this a screening issue for PSI 2.0?

--
Ciao,
Spud57
Was this reply relevant?
+0
-0
Spud57 RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Member 7th Dec, 2011 14:53
Score: 0
Posts: 2
User Since: 13th Feb 2009
System Score: N/A
Location: US
 Comment withdrawn with regrets to all. A second system screen resolved this.

--
Ciao,
Spud57
Was this reply relevant?
+0
-0
DavidOn RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Member 12th Dec, 2011 18:33
Score: 0
Posts: 9
User Since: 30th Dec 2010
System Score: N/A
Location: IE
Last edited on 12th Dec, 2011 18:33		 I ran PSI 2.0 for the first time in a few weeks and was told that "Microsoft Silverlight 4.0" was end-of-life. I had just run Windows Update, but I ran it again and it found nothing. I re-ran the scan and it still gives me the issue.

I'm running XPSP3 in (XP Mode). The installed version of Silverlight is 4.0.60831.0, which is the latest according to http://www.microsoft.com/getsilverlight/Get-Starte...

Regards,
Brian.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Handling Contributor 12th Dec, 2011 18:37
Score: 10495
Posts: 8,057
User Since: 4th Jan 2009
System Score: 100%
Location: UK
 Brian,
Update using this link:
http://www.microsoft.com/silverlight/

Run a full PSI scan & U will see it has been registered & updated.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+1
-0

DavidOn

 RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
[+]
This reply has been deleted

DavidOn

 RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
[+]
This reply has been deleted

DavidOn

 RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
[+]
This reply has been deleted
DavidOn RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Member 12th Dec, 2011 23:56
Score: 0
Posts: 9
User Since: 30th Dec 2010
System Score: N/A
Location: IE
Last edited on 12th Dec, 2011 23:56		 Thanks, Maurice. I just came across http://www.theregister.co.uk/2011/12/10/microsoft_... - it looks as if Secunia is more up to date than Microsoft!

(Apologies to all for the duplicate post.)

Regards,
Brian.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Handling Contributor 12th Dec, 2011 23:58
Score: 10495
Posts: 8,057
User Since: 4th Jan 2009
System Score: 100%
Location: UK
 Brian,
U keep recreating new duplicate posts - have U got a problem using the Forum?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+0
-0
DavidOn RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Member 13th Dec, 2011 00:02
Score: 0
Posts: 9
User Since: 30th Dec 2010
System Score: N/A
Location: IE
Last edited on 13th Dec, 2011 00:02		 Maurice,

I didn't think so - until I refreshed the page (http://secunia.com/advisories/46406/) a couple of minutes ago and this apparently duplicated my earlier post.

Any ideas what I'm doing wrong?

Thanks,
Brian.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Handling Contributor 13th Dec, 2011 00:04
Score: 10495
Posts: 8,057
User Since: 4th Jan 2009
System Score: 100%
Location: UK
 Nothing if U are not pressing REPLY. Very odd - I will delete your duplicates again & see what happens.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+1
-0
DavidOn RE: Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability
Member 13th Dec, 2011 00:12
Score: 0
Posts: 9
User Since: 30th Dec 2010
System Score: N/A
Location: IE
Last edited on 13th Dec, 2011 00:12		 Thanks, Maurice. Sorry to be a damn nuisance. I'll stay out of here after this post.

(BTW, this time, I copied the URL, closed the page, opened a new one and pasted in the URL.)
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability