CVE-2011-1271 in .NET Frameworkinformazioni

Riassunto

di MITRE

The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

04/03/2011

Divulgazione

10/05/2011

Moderazione

accettato

Voce

VDB-57410

CPE

pronto

CWE

CWE-264 (confermato)

Sfruttamento

Scaricare

CVSS

5.1 (NVD)

EPSS

0.20096

KEV

Attività

molto basso

Settore

Energy, Hostingprovider, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1271
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1271
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1271/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you know our Splunk app?

Download it now for free!