Signature Detail

HTTP: Microsoft .NET Framework Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. A successful attack can result in the attacker could take complete control of an affected system.

Extended Description

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."

Affected Products

• microsoft .net_framework 1.0 (sp3)
• microsoft .net_framework 1.1 (sp1)
• microsoft .net_framework 2.0 (sp1)
• microsoft .net_framework 2.0 (sp2)
• microsoft .net_framework 3.5 (sp1)
• microsoft windows_2000 (sp4)
• microsoft windows_7 - (-)
• microsoft windows_7 - (-:x32)
• microsoft windows_7 - (-:x64)
• microsoft windows_server_2003 (sp2)
• microsoft windows_server_2003 (sp2:itanium)
• microsoft windows_server_2003 (sp2:x64)
• microsoft windows_server_2008 (:itanium)
• microsoft windows_server_2008 (r2)
• microsoft windows_server_2008 (r2:itanium)
• microsoft windows_server_2008 (r2:x64)
• microsoft windows_server_2008 (sp2)
• microsoft windows_server_2008 - (sp2)
• microsoft windows_server_2008 (sp2:itanium)
• microsoft windows_server_2008 - (sp2:x32)
• microsoft windows_server_2008 (sp2:x64)
• microsoft windows_server_2008 (:x32)
• microsoft windows_server_2008 (:x64)
• microsoft windows_vista (sp1)
• microsoft windows_vista (sp1:x64)
• microsoft windows_vista (sp2)
• microsoft windows_vista (sp2:x64)
• microsoft windows_vista (:x64)
• microsoft windows_xp (sp2)
• microsoft windows_xp - (sp2)
• microsoft windows_xp - (sp2:x64)
• microsoft windows_xp (sp3)

References

• CVE: CVE-2009-0090