Uočen je jedan sigurnosni nedostatak u paketu Microsoft .NET Framework, točnije, njegovoj komponenti Microsoft .NET Runtime Optimization Service. Otkriveni nedostatak je posljedica nesigurnog rukovanja ovlastima u "mscorsvw.exe", a mogu ga iskoristiti lokalni napadači kako bi povećali svoje ovlasti na ranjivom sustavu. Uspješni napad može rezultirati izvođenjem proizvoljnog programskog koda sa SYSTEM ovlastima. Za sada ne postoji programska zakrpa kojom bi se otklonio opisani sigurnosni nedostatak.
Microsoft .NET Runtime Optimization Service Local Privilege Escalation
VUPEN ID VUPEN/ADV-2011-0614
CVE ID GENERIC-MAP-NOMATCH
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Moderate Risk
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2011-03-08
Share Twitter LinkedIn Facebook Delicious Digg Slashdot
Technical Description
A vulnerability has been identified in Microsoft Windows, which could be exploited by local attackers to gain elevated privileges. This issue is caused by insecure write permissions being set on the .NET Runtime Optimization Service application "mscorsvw.exe", which could allow a malicious Power or Domain user to overwrite the affected executable file with a malicious binary and execute arbitrary code with SYSTEM privileges.
VUPEN has confirmed the vulnerability on fully updated Microsoft Windows Server 2003 SP2 and Microsoft Windows XP SP3 systems with Microsoft .NET Framework version 2.0.50727.
Affected Products
Microsoft Windows XP Service Pack 3
Microsoft Windows Server 2003 Service Pack 2
Microsoft .NET Framework version 2.0.50727
Solution
VUPEN Security is not aware of any vendor-supplied patch.
References
http://www.vupen.com/english/advisories/2011/0614
Public Exploit or PoC
Available in customer area as part of the VUPEN Vulnerability Notification Service.
Credits
Vulnerability reported by XenoMuta.
Changelog
2011-03-08 : Initial release
Posljednje sigurnosne preporuke