-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2011-0033.
 
Title: Multiple vulnerabilities in .NET Framework including critical Elevation of Privilege flaw

Version history:
29.12.2011 Initial publication

Summary
=======
Microsoft has released an out-of-band security update [1] that resolves one publicly disclosed vulnerability [2] and three 
privately reported vulnerabilities in Microsoft .NET Framework. 
The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially 
craftedjavascript:SetCmd(cmdSend); web request to the target site. An attacker who successfully exploited this vulnerability 
could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order 
to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing 
user name.

See [10] for further details.

CVE-2011-3414 - - CVE-2011-3415  - CVE-2011-3416 - CVE-2011-3417

Remote Yes
Credibility Vendor Confirmed
Ease No exploit available

CVSSv2 [10] Base Score: 9.4 (AV:N/AC:L/Au:N/C:C/I:C/A:N)

Technical description
==============================
The following vulnerabilities have been released. More description may be found in [1]:

Collisions in HashTable May Cause DoS Vulnerability - This vulnerability has been disclosed [2];
Insecure Redirect in .NET Form Authentication Vulnerability - This vulnerability has been rated as high by the vendor;
ASP.Net Forms Authentication Bypass Vulnerability;
ASP.NET Forms Authentication Ticket Caching Vulnerability;


Vulnerable systems
==================
Microsoft .NET Framework 1.1 Service Pack 1, 
Microsoft .NET Framework 2.0 Service Pack 2, 
Microsoft .NET Framework 3.5 Service Pack 1, 
Microsoft .NET Framework 3.5.1, 
and Microsoft .NET Framework 4 
on all supported editions of Microsoft Windows. 

What can you do?
================
Fix and workarounds are available [1]

What to tell your users?
========================
This vulnerability impacts administrators only.

More information
================

[1] http://technet.microsoft.com/en-us/security/bulletin/ms11-100
[2] http://technet.microsoft.com/en-us/security/advisory/2659883

[10] Information about CVSS: http://www.first.org/cvss/cvss-guide.html


Best regards,
CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in 
a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to 
contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned 
about this issue from another source . Format, content and way of alerting are subject to change in the future. Contact 
information or even the team name may change as well.)





-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.39

iQJXBAEBAgBBBQJPHSdiOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp
b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4O3AA//UWwLDRYg
spHr9PMhPt8xyQD9cuOKfSpAbfUXyMgsuloYRDOAoO63AbLU0RGpJV4wqphGUjLw
ERd4wZ42u5RZen9d9Ycb9wKdcRY9chT8yzEsB6c5oNCd+DbDUkkzmpM/OG1u7eTi
Fk8XUOTBzSVzS9tu6x+W6+znQnXgjZqKqzra8f9m+8B6YYyQTIDM3NyB8lv9C7g/
HEAjvZXMqMG2qfWAo/AQKgjiSpe0OW4eXPyfC5ZmU2iOvtgGZT0Xr651+wGcQqlq
XypR1kDhjl6JDXrau6rVz4Kh+Q5+dHbN77AAk9u3LHMl0Q2KQGbb/NRPHmr4Ddpw
3dzjlc7HaCEWxWzxc3DxrzXwylrC43UaeSNzgiELvz8E0dpciwboLpfNb0O6UZI5
SVgJI9NjBAWrcWvqUQJldm1dW5Paj8z7mRAREEpqzsi1Hm7WS3TsbWDCZ755FQRe
BEfFW4ZTzUYd22/RaeVcykCUR5oSOpQW8x93IaSDRX2F5wpz5bEge2loLDQz5t6E
43WRmYJMAPbtb+l+KIki578hTbFq1ozUzaCPq6c4LYAmiP+lb7TWvFb8RN+YAyWS
aa7vLS4quv3ZQje6w2GHnIESXvV7Ho3ECidAinXPCwSOTD+Lh4vXVyrD88lkvemU
2vfKfTlCtkWYDlrj836Y7a0Zcs2Jtf/NXls=
=PQwx
-----END PGP SIGNATURE-----