Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
.NET Buffer Overflows in PE Loader and JIT Compiler Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1018356 |
|
SecurityTracker URL: http://securitytracker.com/id/1018356
|
|
CVE Reference:
CVE-2007-0041, CVE-2007-0042, CVE-2007-0043
(Links to External Site)
|
Updated: Apr 23 2008
|
Original Entry Date: Jul 10 2007
|
Impact:
Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.0, 1.1, 2.0
|
Description:
Several vulnerabilities were reported in .NET. A remote user can execute arbitrary code on the target system. A remote user can obtain configuration files.
A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
Specially crafted HTML can trigger a buffer overflow in the .NET Framework PE Loader service. Specially crafted HTML can trigger a buffer overflow in the JIT Compiler service (on .NET 2.0 only).
A remote user can a send specially crafted NULL byte terminated URL to bypass ASP.NET security features and gain read access to configuration files.
Microsoft credits Dinis Cruz of OWASP, Paul Craig of Security Assessment, and Jeroen Frijters of Sumatra with reporting these vulnerabilities.
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can obtain configuration files.
|
Solution:
The vendor has issued the following fixes:
Windows 2000 Service Pack 4, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows XP Service Pack 2 and XP Service Pack 3, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2 and Windows XP Professional x64 Edition Service Pack 3, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition 2005, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=829A2C5B-11EC-4ED7-91AB-6961034147BC
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 1.0 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows Vista and Windows Vista Service Pack 1, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows Server 2008, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows Server 2008 for Itanium-based Systems, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows Server 2008 x64 Edition, Microsoft .NET Framework 1.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91D7AFE4-069B-4CE8-976E-9A01345A8603
Windows 2000 Service Pack 4, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB
Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB
Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, and Windows XP Professional x64 Edition Service Pack 3, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2495E656-1E0A-4B83-90DA-821E68067A71
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB
Windows Vista and Windows Vista Service Pack 1, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9
Windows Server 2008, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9
Windows Server 2008 for Itanium-based Systems, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9
Windows Server 2008 x64 Edition, Microsoft .NET Framework 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9
Windows 2000 Service Pack 4, Microsoft .NET Framework 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D
Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft .NET Framework 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D
Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, and and Windows XP Professional x64 Edition Service Pack 3, Microsoft .NET Framework 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft .NET Framework 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Microsoft .NET Framework 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BA3CEB78-8E1B-4C38-ADFD-E8BC95AE548D
Windows Vista, Microsoft .NET Framework 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F3CF-C3C3-45C4-82E3-E11398BC2CD2
Windows Vista x64 Edition, Microsoft .NET Framework 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CBC9F3CF-C3C3-45C4-82E3-E11398BC2CD2
A restart is required.
On March 25, 2008, Microsoft reissued this bulletin to indicate that Windows Server 2008 is also affected.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms07-040.mspx (Links to External Site)
|
Cause:
Boundary error, Input validation error
|
Underlying OS:
Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 10 Jul 2007 14:45:23 -0400
Subject: Microsoft Security Bulletin MS07-040 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
|
http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx
CVE-2006-7192
CVE-2007-0041
CVE-2007-0042
CVE-2007-0043
|
|
Go to the Top of This SecurityTracker Archive Page
|
