MS07-040 - remote code execution in .NET Framework?
- From: "Sebastian G." <seppi@xxxxxxxxx>
- Date: Wed, 11 Jul 2007 01:20:25 +0200
Can anyone explain how the issues
..NET PE Loader Vulnerability - CVE-2007-0041
..NET JIT Compiler Vulnerability - CVE-2007-0043
could affect a system? According to the description, it allows an attacker
to execute arbitrary code withing the context of the current user. As by
what the PE Loader and the JIT Compiler do, it seems like it would require
the user to execute the malicious program.
I wonder how this should be a security vulnerability since every .NET
program it free to do whatever it wants. Code Access Security is designed to
only help legitimate programs limiting their impact on the system but not to
provide any kind of sandbox, and especially .NET 1.x (listed as affected) is
impossible to redesign for providing any kind of sandboxing.
Alternately: Do you know where and how to contact any representative of the
Microsoft Security Team that could explain the issue?
.
- Prev by Date: Re: Newbie question on encryption keys
- Next by Date: Re: Newbie question on encryption keys
- Previous by thread: Newbie question on encryption keys
- Next by thread: My PC was hit with lightning and now Microcenter is looking at it.
- Index(es):
Relevant Pages
|
|
