1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Framework CLR Code Exec

HTTP MS Framework CLR Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detect arbitrary code exectution when Microsoft .NET Common Language Runtime (CLR) handles delegates to virtual methods.

Additional Information

The Microsoft .NET Framework is a software framework for applications designed to run under Microsoft Windows. Microsoft Silverlight is a web application framework that provides support for .NET applications. Both support a security model that limits the privileges granted to .NET applications.

Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. This issue occurs when Microsoft .NET Common Language Runtime (CLR) handles delegates to virtual methods.

Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.

Affected

  • Microsoft Silverlight and Microsoft .NET Framework

Response

The vendor has released an advisory and fixes. Please see the references for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube