您现在的位置是:首页 > IT基础架构 > 网络与安全 >

Framework CLR接口处理远程代码执行漏洞

2009-10-12 21:03:00作者: 来源:

摘要Microsoft Silverlight和.NET Framework CLR接口处理远程代码执行漏洞...

(MS09-059)

Microsoft Silverlight和.NET Framework CLR接口处理远程代码执行漏洞

影响版本:

Microsoft .NET Framework 1.x

Microsoft .NET Framework 2.x

Microsoft .NET Framework 3.x漏洞描述:

Bugraq ID: 36611

CVE ID:CVE-2009-0090

Microsoft .NET Framework是一个流行的软件开发工具包。

Microsoft .NET Framework存在一个远程代码执行漏洞,允许恶意Microsoft .NET应用程序获得一个可管理的指针给长久不使用的栈内存,恶意Microsoft .NET应用程序之后可使用此指针修改位于之后栈中的合法值,导致任意未管理的代码执行。

目前没有详细漏洞细节提供。<*参考 

http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx

http://secunia.com/advisories/37006/

*>

SEBUG安全建议:

用户可参考如下供应商提供的安全补丁:

GOST 34.19-2001 Standard Implementation 1.0 SP3

Microsoft .NET Framework 1.0 Service Pack 3 CLR Security Update for Windows XP Media Center Edition and Window

http://www.microsoft.com/downloads/details.aspx?familyid=1bc56c26-1c7c -47e3-94f4-37af7e00392c

GOST 34.19-2001 Standard Implementation 2.0 SP1

Microsoft .NET Framework 2.0 Service Pack 1 CLR Security Update for Windows 2000, Windows Server 2003, and Win

http://www.microsoft.com/downloads/details.aspx?familyid=d4a328b5-5470 -46b0-86c7-cfe0e6a3ea01

Microsoft .NET Framework 2.0 Service Pack 1 CLR Security Update for Windows Vista

http://www.microsoft.com/downloads/details.aspx?familyid=3cf329c6-6d3d -41eb-bb72-8ba241df0882

Microsoft .NET Framework 2.0 Service Pack 1 CLR Security Update for Windows Vista Service Pack 1 and Windows S

http://www.microsoft.com/downloads/details.aspx?familyid=30e5410d-0942 -4964-9037-52330488efda

GOST 34.19-2001 Standard Implementation 1.1 SP1

Microsoft .NET Framework 1.1 Service Pack 1 CLR Security Update for Windows 2000, Windows XP, Windows 2003 Ser

http://www.microsoft.com/downloads/details.aspx?familyid=78ac8b97-8327 -4ae1-8bb0-6cf227f3968f

Microsoft .NET Framework 1.1 Service Pack 1 CLR Security Update for Windows 2003 Server x86 and Windows 2003 S

http://www.microsoft.com/downloads/details.aspx?familyid=d1b4a58b-f0b1 -4400-a6e6-0255b0513bd1

(责编:小好)


(本文不涉密)
责任编辑:

站点信息

  • 运营主体:中国信息化周报
  • 商务合作:赵瑞华 010-88559646
  • 微信公众号:扫描二维码,关注我们