Technical Information

Brief overview of the risk:
The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that the Microsoft .NET Framework and Silverlight framework restrict inheritance within classes. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

Further information on this exploit is available at : MS11-078