----------------------------------------------------------------------

Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.

----------------------------------------------------------------------

TITLE:
Microsoft .NET Framework Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26003

VERIFY ADVISORY:
http://secunia.com/advisories/26003/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information,
System access

WHERE:
From remote

SOFTWARE:
Microsoft .NET Framework 1.x
http://secunia.com/product/667/
Microsoft .NET Framework 2.x
http://secunia.com/product/6456/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft .NET Framework,
which can be exploited by malicious people to disclose potentially
sensitive information or compromise a user's system.

1) A boundary error in the PE Loader can be exploited to execute
arbitrary code with permissions of the logged-on user when the user is
tricked into visiting a malicious web page and performs certain
actions.

This vulnerability does not affect the .NET Framework when installed
on Windows Vista.

2) An error exists in ASP.NET when processing URLs containing
NULL-bytes, which can be exploited to disclose potentially sensitive
information by gaining unauthorised access to certain parts of a web
site via specially crafted requests.

3) A boundary error in the Just In Time Compiler (JIT) can be
exploited to execute arbitrary code with permissions of the logged-on
user when the user is tricked into visiting a malicious web page and
performs certain actions.

This vulnerability only affects .NET Framework 2.0 and does not affect
the .NET Framework when installed on Windows Vista.
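Item 2 above concerns requests whose URL carries a NULL byte (percent-encoded as %00, or double-encoded as %2500). The fix is the vendor patch listed under SOLUTION; the following is an added detection aid, not part of the Secunia advisory or of Microsoft's fix, for finding such requests in existing web server logs while patching is rolled out. It assumes a common-log-format access log; the log lines, IP addresses and paths are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in common log format (not real traffic,
# not from the advisory). Lines 2-4 carry a NULL byte in the request path,
# once directly (%00) and once double-encoded (%2500).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jul/2007:12:00:01 +0000] "GET /default.aspx HTTP/1.1" 200 512
10.0.0.7 - - [10/Jul/2007:12:00:02 +0000] "GET /secure/report.aspx%00.txt HTTP/1.1" 200 2048
10.0.0.9 - - [10/Jul/2007:12:00:03 +0000] "GET /images/logo%2500.gif HTTP/1.1" 200 128
10.0.0.9 - - [10/Jul/2007:12:00:04 +0000] "GET /admin/%00/ HTTP/1.1" 302 0
"""

# Common log format: ip ident user [timestamp] "METHOD url PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d+)'
)


def contains_null_byte(url: str, max_decode: int = 2) -> bool:
    """Return True if the request URL contains a NUL character after up to
    max_decode rounds of percent-decoding.

    Decoding is repeated so that double-encoded forms such as %2500 (which
    decode to %00 and then to a NUL) are caught as well as a plain %00.
    """
    current = url
    for _ in range(max_decode + 1):
        if "\x00" in current:
            return True
        decoded = unquote(current)
        if decoded == current:      # nothing left to decode
            break
        current = decoded
    return False


def scan_log(text: str) -> list[tuple[str, str, int]]:
    """Return (client ip, raw url, status) for every parseable log line whose
    URL contains a NULL byte. A 2xx status on such a request is the case to
    look at first, since it suggests the request was served rather than
    rejected."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                 # skip malformed lines rather than fail
        if contains_null_byte(m.group("url")):
            hits.append((m.group("ip"), m.group("url"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, url, status in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {url}")
```

The check is a heuristic for triage, not a filter to rely on in place of the patch: it only sees what the web server logged, and a server that rewrites or truncates paths at the NUL before logging will hide the original request.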
SOLUTION:
Apply patches.

-- Microsoft .NET Framework 1.0 --

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition 2005:
http://www.microsoft.com/downloads/details.aspx?FamilyId=829A2C5B-11EC-4ED7-91AB-6961034147BC

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

-- Microsoft .NET Framework 1.1 --

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2495E656-1E0A-4B83-90DA-821E68067A71

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

-- Microsoft .NET Framework 2.0 --

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F3CF-C3C3-45C4-82E3-E11398BC2CD2

Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F3CF-C3C3-45C4-82E3-E11398BC2CD2

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dinis Cruz, OWASP.
2) The vendor credits Paul Craig, Security Assessment.
3) The vendor credits Jeroen Frijters, Sumatra.

ORIGINAL ADVISORY:
MS07-040 (KB931212):
http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------