CVE-2011-1253

Current Description

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."

Basic Data

Published: October 12, 2011
Last Modified: February 26, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Application | Microsoft | .net Framework | 1.0 | sp3 | * | * | * | * | * | * | | | | |
    • OR Running on/with:
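      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Microsoft | Windows Xp | 2005 | sp3 | media_center | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Xp | 2005 | sp3 | tablet_pc | * | * | * | * | * | | | | |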
  • AND
    • OR - Configuration 2
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Application | Microsoft | .net Framework | 1.1 | sp1 | * | * | * | * | * | * | | | | |
    • OR Running on/with:
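      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Microsoft | Windows 2003 Server | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2003 | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | * | sp2 | x32 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | * | sp2 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | - | sp2 | itanium | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Vista | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Vista | * | sp2 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Xp | * | sp3 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Xp | - | sp2 | x64 | * | * | * | * | * | | | | |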
  • AND
    • OR - Configuration 3
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Application | Microsoft | .net Framework | 2.0 | sp2 | * | * | * | * | * | * | | | | |
    • OR Running on/with:
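      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Microsoft | Windows 2003 Server | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2003 | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | * | sp2 | x32 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | * | sp2 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | - | sp2 | itanium | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Vista | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Vista | * | sp2 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Xp | * | sp3 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Xp | - | sp2 | x64 | * | * | * | * | * | | | | |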
  • AND
    • OR - Configuration 4
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Application | Microsoft | .net Framework | 3.5.1 | * | * | * | * | * | * | * | | | | |
    • OR Running on/with:
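      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Microsoft | Windows 7 | - | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows 7 | - | sp1 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows 7 | - | sp1 | x86 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | * | itanium | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | * | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | sp1 | itanium | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | sp1 | x64 | * | * | * | * | * | | | | |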
  • AND
    • OR - Configuration 5
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Application | Microsoft | .net Framework | 4.0 | * | * | * | * | * | * | * | | | | |
    • OR Running on/with:
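      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Microsoft | Windows 2003 Server | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows 7 | - | sp1 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows 7 | - | sp1 | x86 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2003 | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | * | sp2 | x32 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | * | sp2 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | - | sp2 | itanium | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | * | itanium | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | * | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | sp1 | itanium | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | sp1 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Vista | * | sp2 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Vista | * | sp2 | x64 | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Xp | * | sp3 | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Microsoft | Windows Xp | - | sp2 | x64 | * | * | * | * | * | | | | |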
  • OR - Configuration 6
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Microsoft | Silverlight | 4.0.60531.0 | * | * | * | * | * | * | * | | | | |

Vulnerable Software List

Vendor Product Versions
Microsoft Silverlight 4.0.60531.0
Microsoft .net Framework 1.0, 1.1, 2.0, 3.5.1, 4.0

References

Name Source URL Tags
MS11-078 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-078 MS
oval:org.mitre.oval:def:13069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13069 OVAL