SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft .NET Vendors:   Microsoft
.NET Buffer Overflows in PE Loader and JIT Compiler Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018356
SecurityTracker URL:  http://securitytracker.com/id/1018356
CVE Reference:   CVE-2007-0041, CVE-2007-0042, CVE-2007-0043   (Links to External Site)
Updated:  Apr 23 2008
Original Entry Date:  Jul 10 2007
Impact:   Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0, 1.1, 2.0
Description:   Several vulnerabilities were reported in .NET. A remote user can execute arbitrary code on the target system. A remote user can obtain configuration files.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Specially crafted HTML can trigger a buffer overflow in the .NET Framework PE Loader service. Specially crafted HTML can trigger a buffer overflow in the JIT Compiler service (on .NET 2.0 only).

A remote user can a send specially crafted NULL byte terminated URL to bypass ASP.NET security features and gain read access to configuration files.

Microsoft credits Dinis Cruz of OWASP, Paul Craig of Security Assessment, and Jeroen Frijters of Sumatra with reporting these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can obtain configuration files.

Solution:   The vendor has issued the following fixes:

Windows 2000 Service Pack 4, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP Service Pack 2 and XP Service Pack 3, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2 and Windows XP Professional x64 Edition Service Pack 3, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition 2005, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=829A2C5B-11EC-4ED7-91AB-6961034147BC

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 1.0 :

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Vista and Windows Vista Service Pack 1, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2008, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2008 for Itanium-based Systems, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows Server 2008 x64 Edition, Microsoft .NET Framework 1.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603

Windows 2000 Service Pack 4, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, and Windows XP Professional x64 Edition Service Pack 3, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2495E656-1E0A-4B83-90DA-821E68067A71

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB

Windows Vista and Windows Vista Service Pack 1, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

Windows Server 2008, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

Windows Server 2008 for Itanium-based Systems, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

Windows Server 2008 x64 Edition, Microsoft .NET Framework 1.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9

Windows 2000 Service Pack 4, Microsoft .NET Framework 2.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft .NET Framework 2.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, and and Windows XP Professional x64 Edition Service Pack 3, Microsoft .NET Framework 2.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft .NET Framework 2.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 2.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Microsoft .NET Framework 2.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D

Windows Vista, Microsoft .NET Framework 2.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F3CF-C3C3-45C4-82E3-E11398BC2CD2

Windows Vista x64 Edition, Microsoft .NET Framework 2.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F3CF-C3C3-45C4-82E3-E11398BC2CD2

A restart is required.

On March 25, 2008, Microsoft reissued this bulletin to indicate that Windows Server 2008 is also affected.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms07-040.mspx (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC