PT-2011-3007 · Microsoft · .Net Framework

User31056 · Published 2011-05-10 · Updated 2024-10-17 · CVE-2011-1271

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 3.5 Gold and SP1 through 4.0

Description

The issue allows context-dependent attackers to bypass intended access restrictions and execute arbitrary code by leveraging a crafted application, such as a crafted XAML browser application, a crafted ASP.NET application, or a crafted .NET Framework application. This can occur when the IsJITOptimizerDisabled setting is false. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft .NET Framework versions 3.5 Gold and SP1 through 4.0, consider disabling the JIT compiler optimization by setting IsJITOptimizerDisabled to true until a patch is available. As a temporary workaround, restrict the execution of crafted applications, such as XAML browser applications, ASP.NET applications, or .NET Framework applications, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2011-1271

Affected Products

.Net Framework