10.299.2011 - MS11-069 - Moderate : Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) - Version: 1.2

Severity Rating: Moderate Revision Note: V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems. Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. - View Microsoft Security Bulletin MS11-069 - View Microsoft Knowledge Base Article - on: 1. - Visit Microsoft Corporation