CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS11-069 | Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) | Windows XP | Critical | 10-08-2011 |
Technical Information
Brief overview of the risk:
An information disclosure vulnerability exists in the way that .NET Framework improperly validates the trust level within the System.Net.Sockets namespace.
Detailed Information on the risk:
An attacker who successfully exploited this vulnerability would be able to access information not intended to be exposed. Additionally, this vulnerability could be used by an attacker to direct network traffic from a victim’s system to other network resources the victim can access. This could allow an attacker to perform a denial of service to any system the victim’s system can access or use the victim’s system to perform scanning of network resources available to the victim. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
Further information on this exploit is available at : MS11-069
Affected Software
Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems