(MS09-061) Microsoft .NET Framework CAS Pointer Verification Vulnerability (974378)
- Type: Logic error
- Impact of exploitation: Remote Code Execution
- User Interaction: User interaction is needed
- Attack Vector: Website with malicious content
- Rating: Medium
- CVE reference: CVE-2009-0090
- Vendor Status: Responded and patched
- Vulnerable systems: .NET Framework 1.1 SP1, .NET Framework 1.1 SP3, .NET Framework 1.1 SP2
- Summary: A vulnerability in the Microsoft .NET Common Language Runtime may allow remote code execution.
Description
A vulnerability in the Microsoft .NET Common Language Runtime may allow remote code execution. The vulnerability can allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used. The malicious Microsoft .NET application can then use this pointer to modify legitimate values placed at that stack location. That could lead to arbitrary code execution.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature: (MS09-061) Microsoft .NET Framework CAS Pointer Verification Vulnerability (974378)
- Signature identifier: 7208
- Release date: 10/13/2009
McAfee Intrushield
- Signature: HTTP: Microsoft .NET Framework CAS Pointer Verification Vulnerability
- Signature identifier: 0x40268800
- Release date: 10/13/2009
- First released in: 4.1.59, 5.1.29
McAfee Host IPS
- Signature: Generic Buffer Overflow Protection
- Signature identifier: 428
- Release date: 8/24/2000
- First released in: 2.0
- Signature: (MS09-061) Microsoft .NET Framework CAS Pointer Verification Vulnerability (974378)
- Signature identifier: 7208
- Release date: 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature: Generic Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) / Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
- Signature: Generic Buffer Overflow Protection
- Signature: Generic Buffer Overflow Protection
- Signature: MS09-061 - Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
- Release date: 10/14/2009
Additional Resources
(MS09-061) Microsoft .NET Framework CAS Pointer Verification Vulnerability (974378)
http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx
Timeline
- 10/13/2009: Vendor has provided a patch.