PT-2011-2991 · Microsoft · Silverlight+1

Published: 2011-10-11 · Updated: 2023-12-07 · CVE-2011-1253

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4
Silverlight versions prior to 4.0.60831

Description

A remote code execution issue exists due to improper restriction of inheritance within classes. This allows remote attackers to execute arbitrary code via crafted applications, including XAML browser applications, ASP.NET applications, .NET Framework applications, or Silverlight applications. An attacker who successfully exploits this issue could run arbitrary code in the security context of the logged-on user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations

For Microsoft .NET Framework versions 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, update to a version that properly restricts class inheritance. For Silverlight versions prior to 4.0.60831, update to version 4.0.60831 or later to mitigate the risk of remote code execution.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2011-1253

Affected Products

.Net Framework
Silverlight