CVE-2011-1978

Microsoft .NET Framework <4 - Info Disclosure

Title source: llm
STIX 2.1

Description

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12901

Scores

EPSS 0.2021
EPSS Percentile 97.2%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (3)
microsoft/.net_framework 4.0
microsoft/.net_framework 3.5.1
microsoft/.net_framework 2.0 sp2
Published Aug 10, 2011
Tracked Since Feb 18, 2026