The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an βunchecked bufferβ and unvalidated message lengths, probably a buffer overflow.
archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
osvdb.org/35954
secunia.com/advisories/26003
www.securityfocus.com/bid/24778
www.securitytracker.com/id?1018356
www.us-cert.gov/cas/techalerts/TA07-191A.html
www.vupen.com/english/advisories/2007/2482
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040
exchange.xforce.ibmcloud.com/vulnerabilities/34637
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2093