HTTP: Microsoft .NET Framework XAML Browser Applications Stack Corruption

This signature detects attempts to exploit a known vulnerability in Microsoft .NET Framework. The vulnerability is caused by memory corruption when handling method calls that take structures with misaligned fields as parameters. Remote attackers could exploit it either by enticing target users to visit a malicious web page containing an XBAP (XAML browser application) or by uploading an ASP.NET application to a vulnerable server. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged-on user. An unsuccessful exploit attempt may terminate the PresentationHost.exe .NET component.

Extended Description

The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."

References

CVE: CVE-2010-3958

Short Name: HTTP:MS-DOT-NET-XAML-RCE
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: .NET Applications Browser CVE-2010-3958 Corruption Framework Microsoft Stack XAML
Release Date: 01/09/2013

Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3659
False Positive: Unknown
CVSS Score: 9.3
