Microsoft Releases Advance Notification for October Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity ratings of critical and important and will be for Microsoft .NET Framework, Microsoft Silverlight, Microsoft Windows, Internet...

BruCON Agnitio workshop Slides and Video Demonstration - Download

BruCON Agnitio workshop Slides and Video Demonstration - Download Workshop by David Rook Security Ninja at BruCON 2011 in Belgium. You can Download Slide from here. Required for the Agnitio hands on demos: A 32bit Windows Operating System XP or 7 preferably – VM will be fine .NET framework 3.5...

Microsoft .NET Framework Information Disclosure Vulnerability (2567951)

This host is missing an important security update according to Microsoft Bulletin MS11-069. OpenVAS Vulnerability Test $Id: secpodms11-069.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft .NET Framework Information Disclosure Vulnerability 2567951 Authors: Sooraj KS Copyright: Copyright c 2011...

Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)

This host is missing an important security update according to Microsoft Bulletin MS11-066. OpenVAS Vulnerability Test $Id: secpodms11-066.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft .NET Framework Chart Control Information Disclosure Vulnerability 2567943 Authors: Sooraj KS Copyright: Copyrig...

Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)

This host is missing an important security update according to Microsoft Bulletin MS11-066. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2011-1978

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...

Design/Logic Flaw

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...

Information disclosure

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information...

CVE-2011-1978

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...

CVE-2011-1977

CVE-2011-1977 describes an information-disclosure vulnerability in Microsoft Chart Control used by ASP.NET Chart controls in .NET Framework 4 and Chart Control for .NET Framework 3.5 SP1. The issue arises from improper verification of functions within URIs, enabling a remote attacker to read arbi...

CVE-2011-1978

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...

CVE-2011-1978

CVE-2011-1978 affects Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, where improper validation of the System.Net.Sockets trust level allows information disclosure or triggering arbitrary outbound network traffic via crafted XBAP, ASP.NET, or .NET Framework applications. Connected sources (MS11-0...

CVE-2011-1977

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information...

PT-2011-3519 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 SP2, 3.5.1, and 4 Description: An information disclosure issue exists due to improper validation of the trust level within the System.Net.Sockets namespace. This allows remote attackers to obtain sensitiv...

Patch Tuesday: Microsoft Releases 13 Bulletins, 2 Critical

Microsoft shipped 13 bulletins in the August edition of Patch Tuesday, including two critical fixes for the Internet Explorer Browser and for Windows DNS Server that the company warns could enable remote attacks. The scheduled monthly update includes a a cumulative security update for Internet...

Microsoft .NET Framework 'System.Net.Sockets' Namespace Security Bypass Vulnerability

Description The Microsoft .NET Framework is prone to a security-bypass vulnerability. Attackers can exploit this issue to perform denial-of-service attacks, scan network resources, and obtain potentially sensitive information that was not intended to be disclosed. Technologies Affected Avaya Aura...

Microsoft .NET Framework Chart Control Information Disclosure Vulnerability

Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Attackers can exploit this issue by submitting a specially crafted request to a vulnerable...

MS11-069: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)

The remote Windows host is running a version of the Microsoft .NET Framework that improperly validates the trust level within the System.Net.Sockets namespace. A remote attacker could exploit this issue by tricking a user into viewing a specially crafted XML file, resulting in information...

Microsoft Releases August Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft .NET Framework, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for August 2011. These vulnerabilities may allow an attacker to execute...

Microsoft .NET Framework JIT编译器优化NULL字符串远程代码执行漏洞(MS11-044)

BUGTRAQ ID: 47834 CVE ID: CVE-2011-1271 .NET Framework是用于Windows的新托管代码编程模型。 Microsoft .NET Framework在实现上存在JIT编译器优化NULL字符串远程代码执行漏洞，远程攻击者可利用此漏洞执行任意代码。 此漏洞源于.NET JIT编译器错误地验证了对象中的某些值，通过诱使用户访问带有XBAP的特制网站加以利用。 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft .NET Framework 2.x 厂商补丁：...