certfr_avis - CERTA-2011-AVI-352

CERTA-2011-AVI-352

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Microsoft .NET Framework permet à un attaquant d'exécuter du code arbitraire.

Description

Une erreur dans la manière dont Microsoft .NET Framework valide certaines valeurs dans un objet permet à une personne malveillante d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft .NET Framework 3.5 :
- Windows XP Service Pack 3 ;
- Windows XP Professional x64 Edition Service Pack 2 ;
- Windows Server 2003 Service Pack 2 ;
- Windows Server 2003 x64 Edition Service Pack 2 ;
- Windows Server 2003 with SP2 for Itanium-based Systems ;
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2 ;
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 ;
- Windows Server 2008 for 32-bit Systems ;
- Windows Server 2008 for x64-based Systems ;
- Windows Server 2008 for Itanium-based Systems ;
Microsoft .NET Framework 3.5 Service Pack 1:
- Windows XP Service Pack 3 ;
- Windows XP Professional x64 Edition Service Pack 2 ;
- Windows Server 2003 Service Pack 2 ;
- Windows Server 2003 x64 Edition Service Pack 2 ;
- Windows Server 2003 with SP2 for Itanium-based Systems ;
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2 ;
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 ;
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 ;
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 ;
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 ;
Microsoft .NET Framework 3.5.1
- Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 ;
- Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 ;
- Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 ;
- Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 ;
Microsoft .NET Framework 4.0
- Windows XP Service Pack 3 ;
- Windows XP Professional x64 Edition Service Pack 2 ;
- Windows Server 2003 Service Pack 2 ;
- Windows Server 2003 x64 Edition Service Pack 2 ;
- Windows Server 2003 with SP2 for Itanium-based Systems ;
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2 ;
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 ;
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 ;
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 ;
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 ;
- Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 ;
- Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 ;
- Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 ;
- Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 ;

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-044 du 15 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft .NET Framework 3.5 :      \u003cUL\u003e        \u003cLI\u003eWindows XP Service Pack 3 ;\u003c/LI\u003e        \u003cLI\u003eWindows XP Professional x64 Edition Service Pack 2        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 x64 Edition Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 with SP2 for Itanium-based Systems        ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista Service Pack 1 and Windows Vista Service        Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista x64 Edition Service Pack 1 and Windows        Vista x64 Edition Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for 32-bit Systems ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for x64-based Systems ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for Itanium-based Systems ;\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eMicrosoft .NET Framework 3.5 Service Pack 1:      \u003cUL\u003e        \u003cLI\u003eWindows XP Service Pack 3 ;\u003c/LI\u003e        \u003cLI\u003eWindows XP Professional x64 Edition Service Pack 2        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 x64 Edition Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 with SP2 for Itanium-based Systems        ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista Service Pack 1 and Windows Vista Service        Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista x64 Edition Service Pack 1 and Windows        Vista x64 Edition Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for 32-bit Systems and Windows        Server 2008 for 32-bit Systems Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for x64-based Systems and Windows        Server 2008 for x64-based Systems Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for Itanium-based Systems and        Windows Server 2008 for Itanium-based Systems Service Pack        2 ;\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eMicrosoft .NET Framework 3.5.1      \u003cUL\u003e        \u003cLI\u003eWindows 7 for 32-bit Systems and Windows 7 for 32-bit        Systems Service Pack 1 ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 for x64-based Systems and Windows 7 for        x64-based Systems Service Pack 1 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 for x64-based Systems and        Windows Server 2008 R2 for x64-based Systems Service Pack 1        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 for Itanium-based Systems and        Windows Server 2008 R2 for Itanium-based Systems Service        Pack 1 ;\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eMicrosoft .NET Framework 4.0      \u003cUL\u003e        \u003cLI\u003eWindows XP Service Pack 3 ;\u003c/LI\u003e        \u003cLI\u003eWindows XP Professional x64 Edition Service Pack 2        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 x64 Edition Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 with SP2 for Itanium-based Systems        ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista Service Pack 1 and Windows Vista Service        Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista x64 Edition Service Pack 1 and Windows        Vista x64 Edition Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for 32-bit Systems and Windows        Server 2008 for 32-bit Systems Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for x64-based Systems and Windows        Server 2008 for x64-based Systems Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 for Itanium-based Systems and        Windows Server 2008 for Itanium-based Systems Service Pack        2 ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 for 32-bit Systems and Windows 7 for 32-bit        Systems Service Pack 1 ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 for x64-based Systems and Windows 7 for        x64-based Systems Service Pack 1 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 for x64-based Systems and        Windows Server 2008 R2 for x64-based Systems Service Pack 1        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 for Itanium-based Systems and        Windows Server 2008 R2 for Itanium-based Systems Service        Pack 1 ;\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nUne erreur dans la mani\u00e8re dont Microsoft .NET Framework valide\ncertaines valeurs dans un objet permet \u00e0 une personne malveillante\nd\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1271"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-352",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Microsoft .NET Framework permet \u00e0 un attaquant\nd\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .NET Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-044 du 15 juin 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx"
    }
  ]
}

CVE-2011-1271 (GCVE-0-2011-1271)

Vulnerability from cvelistv5 – Published: 2011-05-10 19:00 – Updated: 2024-10-17 18:54

Summary

The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://stackoverflow.com/questions/2135509/bug-on…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:34.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:12686",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686"
          },
          {
            "name": "MS11-044",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": ".net_framework",
            "vendor": "microsoft",
            "versions": [
              {
                "status": "affected",
                "version": "3.5 Gold"
              },
              {
                "status": "affected",
                "version": "3.5 SP1"
              },
              {
                "status": "affected",
                "version": "3.5.1"
              },
              {
                "status": "affected",
                "version": "4.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2011-1271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-10T21:02:50.315551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T18:54:02.496Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework JIT Optimization Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:12686",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686"
        },
        {
          "name": "MS11-044",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework JIT Optimization Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:12686",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686"
            },
            {
              "name": "MS11-044",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044"
            },
            {
              "name": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/",
              "refsource": "MISC",
              "url": "http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1271",
    "datePublished": "2011-05-10T19:00:00",
    "dateReserved": "2011-03-04T00:00:00",
    "dateUpdated": "2024-10-17T18:54:02.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2011-AVI-352

Description

Solution

CVE-2011-1271 (GCVE-0-2011-1271)

Tags

Sightings

Nomenclature