CVE-2011-1271

Current Description

The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."

Basic Data

PublishedMay 10, 2011
Last ModifiedFebruary 26, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-264
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityHIGH
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.1
SeverityMEDIUM
Exploitability Score4.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoft.net Framework4.0*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSMicrosoftWindows 2003 Server*sp2******
      2.3OSMicrosoftWindows 7-*******
      2.3OSMicrosoftWindows 7-sp1x86*****
      2.3OSMicrosoftWindows Server 2003*sp2******
      2.3OSMicrosoftWindows Server 2008**itanium*****
      2.3OSMicrosoftWindows Server 2008**x32*****
      2.3OSMicrosoftWindows Server 2008**x64*****
      2.3OSMicrosoftWindows Server 2008*sp2x32*****
      2.3OSMicrosoftWindows Server 2008*sp2x64*****
      2.3OSMicrosoftWindows Server 2008-sp2itanium*****
      2.3OSMicrosoftWindows Server 2008r2*itanium*****
      2.3OSMicrosoftWindows Server 2008r2*x64*****
      2.3OSMicrosoftWindows Server 2008r2sp1itanium*****
      2.3OSMicrosoftWindows Server 2008r2sp1x64*****
      2.3OSMicrosoftWindows Vista*sp1******
      2.3OSMicrosoftWindows Vista*sp1x64*****
      2.3OSMicrosoftWindows Vista*sp2******
      2.3OSMicrosoftWindows Vista*sp2x64*****
      2.3OSMicrosoftWindows Xp*sp3******
      2.3OSMicrosoftWindows Xp-sp2x64*****
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoft.net Framework3.5.1*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSMicrosoftWindows 7-*******
      2.3OSMicrosoftWindows 7-sp1x64*****
      2.3OSMicrosoftWindows 7-sp1x86*****
      2.3OSMicrosoftWindows Server 2008r2*itanium*****
      2.3OSMicrosoftWindows Server 2008r2*x64*****
      2.3OSMicrosoftWindows Server 2008r2sp1itanium*****
      2.3OSMicrosoftWindows Server 2008r2sp1x64*****
  • AND
    • OR - Configuration 3
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoft.net Framework2.0sp2******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSMicrosoftWindows 2003 Server*sp2******
      2.3OSMicrosoftWindows Server 2003*sp2******
      2.3OSMicrosoftWindows Server 2008**itanium*****
      2.3OSMicrosoftWindows Server 2008**x32*****
      2.3OSMicrosoftWindows Server 2008**x64*****
      2.3OSMicrosoftWindows Server 2008*sp2x32*****
      2.3OSMicrosoftWindows Server 2008*sp2x64*****
      2.3OSMicrosoftWindows Server 2008-sp2itanium*****
      2.3OSMicrosoftWindows Vista*sp1******
      2.3OSMicrosoftWindows Vista*sp1x64*****
      2.3OSMicrosoftWindows Vista*sp2******
      2.3OSMicrosoftWindows Vista*sp2x64*****
      2.3OSMicrosoftWindows Xp*sp3******
      2.3OSMicrosoftWindows Xp-sp2x64*****
  • AND
    • OR - Configuration 4
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoft.net Framework3.5sp1******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSMicrosoftWindows 2003 Server*sp2******
      2.3OSMicrosoftWindows Server 2003*sp2******
      2.3OSMicrosoftWindows Server 2008**itanium*****
      2.3OSMicrosoftWindows Server 2008**x32*****
      2.3OSMicrosoftWindows Server 2008**x64*****
      2.3OSMicrosoftWindows Server 2008*sp2x32*****
      2.3OSMicrosoftWindows Server 2008*sp2x64*****
      2.3OSMicrosoftWindows Server 2008-sp2itanium*****
      2.3OSMicrosoftWindows Vista*sp1******
      2.3OSMicrosoftWindows Vista*sp1x64*****
      2.3OSMicrosoftWindows Vista*sp2******
      2.3OSMicrosoftWindows Vista*sp2x64*****
      2.3OSMicrosoftWindows Xp*sp3******
      2.3OSMicrosoftWindows Xp-sp2x64*****
  • AND
    • OR - Configuration 5
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoft.net Framework2.0sp1******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSMicrosoftWindows Server 2008**itanium*****
      2.3OSMicrosoftWindows Server 2008**x32*****
      2.3OSMicrosoftWindows Server 2008**x64*****
      2.3OSMicrosoftWindows Vista*sp1******
      2.3OSMicrosoftWindows Vista*sp1x64*****
  • AND
    • OR - Configuration 6
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoft.net Framework3.5*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSMicrosoftWindows 2003 Server*sp2******
      2.3OSMicrosoftWindows Server 2003*sp2******
      2.3OSMicrosoftWindows Server 2008**itanium*****
      2.3OSMicrosoftWindows Server 2008**x32*****
      2.3OSMicrosoftWindows Server 2008**x64*****
      2.3OSMicrosoftWindows Vista*sp1******
      2.3OSMicrosoftWindows Vista*sp1x64*****
      2.3OSMicrosoftWindows Vista*sp2******
      2.3OSMicrosoftWindows Vista*sp2x64*****
      2.3OSMicrosoftWindows Xp*sp3******
      2.3OSMicrosoftWindows Xp-sp2x64*****

Vulnerable Software List

VendorProductVersions
Microsoft .net Framework 2.0, 3.5, 3.5.1, 4.0

References

NameSourceURLTags
http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/MISCExploit
MS11-044https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044MS
oval:org.mitre.oval:def:12686https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686OVAL