CERT-In Vulnerability Note CIVN-2007-85
Remote Code Execution Vulnerabilities in Microsoft .NET Framework
Original issue date: July 11, 2007
Severity Rating: High
Systems Affected
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows XP Tablet PC Edition 2005
- Windows XP Media Center Edition 2005
- Windows Server 2003 Service Pack 1 and Service Pack 2
- Windows Server 2003 for Itanium-based Systems With SP1 and SP2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Vista
- Windows Vista x64 Edition
Components Affected:
- Microsoft .NET Framework 1.0
- Microsoft .NET Framework 1.1
- Microsoft .NET Framework 2.0
Overview
Multiple vulnerabilities have been reported in Microsoft .NET Framework that an attacker could exploit to disclose potentially sensitive information or compromise a user's system. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET.
Description
1. .NET PE (Portable Execution) Loader Vulnerability (CVE-2007-0041)
This vulnerability is caused by a buffer overflow error in the PE Loader service in Microsoft .NET Framework when processing overly long messages. An attacker could exploit the vulnerability by constructing a specially crafted web page, resulting in remote code execution when a user visits the web page.
Workarounds
- Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
- Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.
- Add trusted websites to the Internet Explorer Trusted sites zone.
- Read e-mail messages in plain text format.
2. ASP.NET Null Byte Termination Vulnerability (CVE-2007-0042)
This vulnerability is caused by an error in ASP.NET while processing URLs containing NULL bytes. An attacker could exploit this vulnerability via specially crafted requests, which may disclose potentially sensitive information of a web site.
Workarounds
- ASP.NET Web developers may compare values obtained from Internet-accessible sources, such as query strings, cookies, or form variables, against a list of allowed values and reject any values that fall outside of this list.
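The allow-list comparison described in this workaround, as an added C# example (not code from CERT-In or Microsoft). The `report` parameter, its allowed values and the sample inputs are constructed assumptions; in an ASP.NET page the value would come from the query string, a cookie or a form variable.

```csharp
using System;
using System.Collections.Generic;

// Added example: names and values below are constructed for illustration.
public enum InputVerdict { Accepted, Empty, ControlCharacter, NotOnAllowList }

public static class RequestValueGuard
{
    // Hypothetical allow-list for a "report" request parameter.
    private static readonly HashSet<string> AllowedReports =
        new HashSet<string>(StringComparer.Ordinal) { "summary", "monthly", "annual" };

    // Classifies a request value; only Accepted values should reach
    // file, path or page-selection logic.
    public static InputVerdict Check(string value)
    {
        if (string.IsNullOrEmpty(value)) return InputVerdict.Empty;

        // A NUL or any other control character is never part of a valid
        // value here; report it separately so it can be logged as suspicious.
        foreach (char c in value)
        {
            if (char.IsControl(c)) return InputVerdict.ControlCharacter;
        }

        // Exact, case-sensitive comparison: no prefix, suffix or substring
        // matching, so anything appended to an allowed value is rejected.
        return AllowedReports.Contains(value)
            ? InputVerdict.Accepted
            : InputVerdict.NotOnAllowList;
    }

    public static void Main()
    {
        // Constructed sample inputs: one allowed value, one carrying an
        // embedded NUL byte, one ordinary value that is not on the list.
        string[] samples = { "monthly", "monthly\0.aspx", "weekly" };
        foreach (string s in samples)
        {
            Console.WriteLine("{0,-16} -> {1}", s.Replace("\0", "\\0"), Check(s));
        }
    }
}
```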
3. .NET JIT (Just-In-Time) Compiler Vulnerability (CVE-2007-0043)
This vulnerability is caused by a buffer overflow error in the Just-In-Time (JIT) Compiler service in Microsoft .NET Framework 2.0 while processing overly long messages. An attacker could exploit the vulnerability by constructing a specially crafted web page, resulting in remote code execution when a user visits the web page.
Workarounds
- Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
- Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.
- Read e-mail messages in plain text format.
- Add trusted websites to the Internet Explorer Trusted sites zone.
Solution
Apply the appropriate patches as described in Microsoft Security Bulletin MS07-040.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx
References
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx
Secunia
http://secunia.com/advisories/26003
FrSirt
http://www.frsirt.com/english/advisories/2007/2482
CVE Name
CVE-2007-0041
CVE-2007-0042
CVE-2007-0043
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
