CVE-2011-1271

The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."

The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."

El Compilador JIT en Microsoft .NET Framework versiones 3.5 Gold y SP1, 3.5.1 y 4.0, cuando IsJITOptimizerDisabled es falso, no controla apropiadamente las expresiones relacionadas con cadenas NULL, lo que permite a los atacantes dependiendo del contexto omitir las restricciones de acceso previstas, y, en consecuencia, ejecutar código arbitrario, en circunstancias oportunistas mediante la explotación a una aplicación creada, como es demostrado por (1) una aplicación de navegador XAML creada (también conocida como XBAP), (2) una aplicación ASP.NET creada, o (3) una aplicación de .NET Framework creada, también se conoce como "NET Framework JIT Optimization Vulnerability".