Microsoft .NET Framework and Silverlight vulnerability could allow remote code execution
Report ID: MS201110004
Date Published: 12 October 2011
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft .NET Framework
Microsoft Silverlight
Summary
A vulnerability in Microsoft .NET Framework and Microsoft Silverlight could allow an attacker to execute arbitrary code by persuading a user into viewing a malicious web page using a browser that runs XAML Browser Applications (XBAPs) or Silverlight applications.
Detailed Description
Microsoft has issued a security update to address a vulnerability in Microsoft .NET Framework and Microsoft Silverlight that was caused by improper inheritance restriction within classes. An attacker could be able to execute arbitrary code on a system by tricking a user into viewing a malicious web page using a browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Upon successful exploit, the attacker could take complete control of the system and perform actions with full user rights.
CVE Reference
CVE-2011-1253
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-078)
