iPolicy Networks Security Advisory
 

Microsoft .NET Framework CLR Remote Code Execution Vulnerability

Date Discovered: 10/13/2009
Severity: High
Operating Systems Affected: Microsoft Windows 2000 Service Pack 4
Windows XP SP 2 & SP 3
Windows XP Professional x64 Edition SP 2
Windows Server 2003 SP 2
Windows Server 2003 x64 Edition SP 2
Windows Server 2003 SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP 1 & SP 2
Windows Vista x64 Edition
Windows Vista x64 Edition SP 1 & SP 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems SP 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems SP 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems SP 2

Application Affected: Microsoft .NET Framework 1.0 SP 3
Microsoft .NET Framework 1.1 SP 1
Microsoft .NET Framework 2.0 SP 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 SP 1
Identifiers: CVE-2009-2497
Synopsis
The Microsoft .NET Framework and Silverlight are prone to a remote code execution vulnerability caused by a failure in handling memory allocation while running a malicious .NET application.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx
Threat Analysis
The Microsoft .NET Framework is a software framework that can be installed on computers running Microsoft Windows operating systems.

A remote code execution vulnerability has been reported in the Microsoft .NET Framework and Silverlight. The vulnerability occurs when a malformed .NET application fails to allocate proper memory.

Successful exploitation of this vulnerability could allow a remote attacker to use a malicious .NET application to execute arbitrary code with the privileges of the currently logged-in user.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2497

Write-up by: Anupam Kumar