 |
|
|
|
Microsoft .Net framework multiple security vulnerabilities
updated since 10.07.2007 | | Published: |  | 25.08.2008 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 7911 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Buffer overflow on PE .Net format parsing, buffer overflow in KIT compiler, remote information leak in ASP.NET with poisoned NULL byte. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | | | MICROSOFT : Windows 2000 Professional | | | | MICROSOFT : Windows XP | | | | MICROSOFT : Windows 2003 Server | | | | MICROSOFT : Windows Vista | | CVE: |  | CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework 2.0 through 2.0 SP2 for Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".) | | | | CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003; and 2.0 and earlier for Windows Vista allows remote attackers to access configuration files and obtain sensitive information via "invalid URLs," probably containing a terminating NULL byte.) | | | | CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.) |
|
|
|
|
|
|
|
|
