<< Back
CVE Number Vulnerability Product Severity Date
MS11-100 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) Windows XP Critical 30-12-2011

Technical Information

Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.
Detailed Information on the risk:

A denial of service vulnerability exists in the way that ASP.NET Framework handles specially crafted requests, causing a hash collision. An attacker who successfully exploited this vulnerability could send a small number of specially crafted requests to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition.


Further information on this exploit is available at : MS11-100

Affected Software

Windows XP Service Pack 3 Microsoft .NET Framework 1.1 Service Pack 1
Windows XP Service Pack 3 Microsoft .NET Framework 2.0 Service Pack 2
Windows XP Service Pack 3 Microsoft .NET Framework 3.5 Service Pack 1
Windows XP Service Pack 3 Microsoft .NET Framework 4
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 4
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 4
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 4
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 1.1 Service Pack 1
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 2.0 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 4
Windows Vista Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1
Windows Vista Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
Windows Vista Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
Windows Vista Service Pack 2 Microsoft .NET Framework 4
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4
Microsoft .NET Framework 4 Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 4 Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4 Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 4 Microsoft .NET Framework 4
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 4
Windows 7 for 32-bit Systems Microsoft .NET Framework 3.5.1
Windows 7 for 32-bit Systems Microsoft .NET Framework 4
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5 Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4
Windows 7 for x64-based Systems Microsoft .NET Framework 3.5 Service Pack 1
Windows 7 for x64-based Systems Microsoft .NET Framework 4
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5 Service Pack 1
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4
Windows Server 2008 R2 for x64-based Systems Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 R2 for x64-based Systems Microsoft .NET Framework 4
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4
Windows Server 2008 R2 for Itanium-based Systems Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Microsoft .NET Framework 4
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 4