CVE-2011-1978

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2, 3.5.1, and 4

Description An information disclosure issue exists due to improper validation of the trust level within the System.Net.Sockets namespace. This allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via crafted applications. An attacker who successfully exploits this issue could access information not intended to be exposed and direct network traffic from a victim's system to other network resources the victim can access, potentially leading to denial of service or scanning of network resources available to the victim.

Recommendations For Microsoft .NET Framework versions 2.0 SP2, 3.5.1, and 4, update to a version that properly validates the System.Net.Sockets trust level to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.