CVE-2011-1253 : Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverligh

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."

Published 2011-10-12 02:52:43

Updated 2025-04-11 00:51:22

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2011-1253

Microsoft » .net Framework » Version: 1.1 Update SP1
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » Update SP2 X32 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2 Itanium Edition
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Xp » Update SP3
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
Microsoft » .net Framework » Version: 1.0 Update SP3
cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows Xp » Version: 2005 Update SP3 Media Center Edition
When used together with: Microsoft » Windows Xp » Version: 2005 Update SP3 Tablet Pc Edition
Microsoft » .net Framework » Version: 2.0 Update SP2
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » Update SP2 X32 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2 Itanium Edition
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Xp » Update SP3
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
Microsoft » .net Framework » Version: 3.5.1
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 7 » Version: N/A
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1 X64 Edition
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1 X86 Edition
When used together with: Microsoft » Windows Server 2008 » Version: R2 Itanium Edition
When used together with: Microsoft » Windows Server 2008 » Version: R2 X64 Edition
Microsoft » .net Framework » Version: 4.0
cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1 X64 Edition
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1 X86 Edition
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » Update SP2 X32 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2 Itanium Edition
When used together with: Microsoft » Windows Server 2008 » Version: R2 Itanium Edition
When used together with: Microsoft » Windows Server 2008 » Version: R2 X64 Edition
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Xp » Update SP3
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
Microsoft » Silverlight » Version: 4.0.60531.0
cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-1253

EPSS FAQ

15.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-1253

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-1253

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1253

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13069

Repository / Oval Repository
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-078

Microsoft Security Bulletin MS11-078 - Critical | Microsoft Docs

Jump to

Vulnerability Details : CVE-2011-1253

Products affected by CVE-2011-1253

Exploit prediction scoring system (EPSS) score for CVE-2011-1253

CVSS scores for CVE-2011-1253

CWE ids for CVE-2011-1253

References for CVE-2011-1253