Microsoft .NET Framework ASP.NET Forms CVE-2011-3417 Security Bypass Vulnerability
BID:51203
Info
| Bugtraq ID: | 51203 |
| Class: | Design Error |
| CVE: | CVE-2011-3417 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2011 12:00AM |
| Updated: | Jan 10 2012 07:10PM |
| Credit: | Microsoft |
| Not Vulnerable: | |

Vulnerable:
- Microsoft .NET Framework 4.0
- Microsoft .NET Framework 3.5 SP1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 SP2
- Microsoft .NET Framework 2.0 SP1
- Microsoft .NET Framework 2.0
- Microsoft .NET Framework 1.1 SP3
- Microsoft .NET Framework 1.1 SP2
- Microsoft .NET Framework 1.1 SP1
- Microsoft .NET Framework 1.1
- Avaya Messaging Application Server 5.2
- Avaya Messaging Application Server 5
- Avaya Messaging Application Server 4
- Avaya Meeting Exchange - Webportal 0
- Avaya Meeting Exchange - Web Conferencing Server 0
- Avaya Meeting Exchange - Streaming Server 0
- Avaya Meeting Exchange - Recording Server 0
- Avaya Meeting Exchange - Client Registration Server 0
- Avaya Meeting Exchange 5.0 .0.52
- Avaya Meeting Exchange 5.2 SP2
- Avaya Meeting Exchange 5.2 SP1
- Avaya Meeting Exchange 5.2
- Avaya Meeting Exchange 5.1 SP1
- Avaya Meeting Exchange 5.1
- Avaya Meeting Exchange 5.0 SP2
- Avaya Meeting Exchange 5.0 SP1
- Avaya Meeting Exchange 5.0
- Avaya Communication Server 1000 Telephony Manager 4.0
- Avaya Communication Server 1000 Telephony Manager 3.0
- Avaya CallPilot 5.0
- Avaya CallPilot 4.0
- Avaya Aura Conferencing 6.0 Standard
Discussion
Microsoft .NET Framework is prone to a security-bypass vulnerability in ASP.NET.
An attacker can exploit this issue by sending crafted links to users and convincing the users to follow the links. Successful exploits will allow attackers to execute arbitrary commands in the context of the target user.
Exploit / POC
Attackers can exploit this issue using readily available tools.
Solution / Fix
Solution:
The vendor released an update. Please see the references for more information.
Microsoft .NET Framework 2.0 SP2
- Microsoft Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows X
  http://www.microsoft.com/downloads/details.aspx?familyid=eff633f7-abd9-45cc-acbd-4885123dbed2
- Microsoft Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and
  http://www.microsoft.com/downloads/details.aspx?familyid=49050cf2-949a-40e5-b2ee-6257a3837294

Microsoft .NET Framework 4.0
- Microsoft Security Update for Microsoft .NET Framework 4
  http://www.microsoft.com/downloads/details.aspx?familyid=37a8fb34-e3ad-4605-980b-28361889ce72

Microsoft .NET Framework 1.1 SP1
- Microsoft Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack
  http://www.microsoft.com/downloads/details.aspx?familyid=7538762a-50e9-4f13-a60e-ff99aa8fbbf8
- Microsoft Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003 (
  http://www.microsoft.com/downloads/details.aspx?familyid=471e1f51-c79c-4285-9f1e-aee1e4c4f189

Microsoft .NET Framework 3.5 SP1
- Microsoft Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003,
  http://www.microsoft.com/downloads/details.aspx?familyid=306acd0a-bea2-40dd-a639-f381587c9eb7
- Microsoft Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2
  http://www.microsoft.com/downloads/details.aspx?familyid=2de28d32-1efd-4177-82e6-19a08266096c
- Microsoft Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 20
  http://www.microsoft.com/downloads/details.aspx?familyid=26e0b56d-9228-49cf-9276-0741257567a9
References
References:
- .NET Framework Homepage (Microsoft)
- Microsoft Homepage (Microsoft)
- Microsoft Security Bulletin MS11-100 - Critical (Microsoft)
- ASA-2012-006 MS11-100 Vulnerability in ASP.NET Could Allow Denial of Service (26 (Avaya)