Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
BID:17243
Info
Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
| Bugtraq ID: | 17243 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-1510 CVE-2006-1511 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2006 12:00AM |
| Updated: | Jun 27 2007 10:18PM |
| Credit: | Credited to Dinis Cruz and Kerem Kusmezer. |
| Vulnerable: |
Microsoft .NET Framework SDK 1.1 SP1 Microsoft .NET Framework SDK 1.1 Microsoft .NET Framework SDK 1.0 SP2 Microsoft .NET Framework SDK 1.0 SP1 Microsoft .NET Framework SDK 1.0 |
| Not Vulnerable: | |
Discussion
Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer-overflow vulnerabilities that attackers could exploit to cause a denial of service or potentially execute arbitrary code.
These issues were reported to affect the .NET Framework SDK version 1.1 SP1; earlier versions may also be affected. Version 2.0 may also be affected, but code execution does not seem possible.
Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer-overflow vulnerabilities that attackers could exploit to cause a denial of service or potentially execute arbitrary code.
These issues were reported to affect the .NET Framework SDK version 1.1 SP1; earlier versions may also be affected. Version 2.0 may also be affected, but code execution does not seem possible.
Exploit / POC
Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
Currently, we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following proof of concept is available:
Currently, we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following proof of concept is available:
Solution / Fix
Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
Solution:
These issues may have been addressed in .NET Framework SDK 2.0, but Symantec has not confirmed this. Users should contact the vendor for further information.
Solution:
These issues may have been addressed in .NET Framework SDK 2.0, but Symantec has not confirmed this. Users should contact the vendor for further information.
References
Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
References:
References:
- .Net Home (Microsoft)
- ILDASM Exception Creator (Kerem Kusmezer)
- Microsoft .NET Framework Developer Center (Microsoft)
- To MSRC: Buffer OverFlow in ILASM and ILDASM (Dinis Cruz)