CVE-2011-0664

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP1 through 4.0 Silverlight versions prior to 4.0.60531.0

Description The issue allows remote attackers to execute arbitrary code via crafted applications, including XAML browser applications, ASP.NET applications, .NET Framework applications, or Silverlight applications. This is due to improper validation of arguments to unspecified networking API functions. An attacker who successfully exploits this issue could run arbitrary code in the security context of the logged-on user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft .NET Framework versions 2.0 SP1 through 4.0, update to a version that properly validates arguments to networking API functions. For Silverlight versions prior to 4.0.60531.0, update to version 4.0.60531.0 or later to resolve the issue.