User31056

**Name of the Vulnerable Software and Affected Versions** Microsoft .NET Framework versions 3.5 Gold and SP1 through 4.0 **Description** The issue allows context-dependent attackers to bypass intended access restrictions and execute arbitrary code by leveraging a crafted application, such as a crafted XAML browser application, a crafted ASP.NET application, or a crafted .NET Framework application. This can occur when the IsJITOptimizerDisabled setting is false. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft .NET Framework versions 3.5 Gold and SP1 through 4.0, consider disabling the JIT compiler optimization by setting IsJITOptimizerDisabled to true until a patch is available. As a temporary workaround, restrict the execution of crafted applications, such as XAML browser applications, ASP.NET applications, or .NET Framework applications, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.