Description
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
Exploits (1)
exploitdb (STUB, VERIFIED)
by Brian Mancini · text · remote · windows
https://www.exploit-db.com/exploits/35740
References (3)
Core References
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686
Vendor Advisory (vendor-advisory, x_refsource_ms)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044
Exploit (x_refsource_misc)
http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/
Scores
CVSS v3: 7.7
EPSS: 0.1361
EPSS Percentile: 94.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-264, CWE-476
Status: published
Products (4)
microsoft/.net_framework 4.0
microsoft/.net_framework 3.5.1
microsoft/.net_framework 2.0 sp2 (2 CPE variants)
microsoft/.net_framework 3.5 sp1 (2 CPE variants)
Published: May 10, 2011
Tracked Since: Feb 18, 2026