[PCWorks] Microsoft .NET Framework / Silverlight Code Execution Vulnerabilities

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Wed, 11 Aug 2010 01:51:48 -0500

TITLE:
Microsoft .NET Framework / Silverlight Code Execution 
Vulnerabilities

Criticality level:  Highly critical
Impact:  System access
Where:  From remote

VERIFY ADVISORY:
http://secunia.com/advisories/40872/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft .NET 
Framework
and Silverlight, which can be exploited by malicious people to
compromise a vulnerable system.

1) An error in the way Silverlight handles pointers can be 
exploited
to corrupt memory by tricking a user into visiting a web site
containing specially crafted Silverlight content.

Successful exploitation allows execution of arbitrary code.

NOTE: This vulnerability affects Silverlight 3 only.

2) An error in the .NET Framework when the CLR (Common Language
Runtime) handles delegates to virtual methods can be exploited 
by a
specially crafted .NET application or Silverlight application 
to
execute arbitrary unmanaged code.

SOLUTION:
Apply patches.

ORIGINAL ADVISORY:
MS10-060 (KB978464, KB982926, KB983582, KB983583, KB983587, 
KB983588,
KB983589, KB983590, KB2265906):
http://www.microsoft.com/technet/security/bulletin/MS10-060.mspx


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

  • » [PCWorks] Microsoft .NET Framework / Silverlight Code Execution Vulnerabilities - Clint Hamilton-PCWorks Admin
  1. Home
  2. pcworks
  3. Archive
  4. 08-2010