This security update addresses one publicly and three privately disclosed vulnerabilities in Microsoft .NET Framework. The most dangerous of these may lead to elevation of privilege if a potential attacker sends a maliciously crafted web request to the target. Successfully exploiting this system bug could also lead to execution of arbitrary command using an existing account on the ASP.NET site. To do this, an attacker must be registered to an account on the ASP.NET site and use an existing user credential.
Trend Micro Deep Security shields the following vulnerabilities using the specified filter rules.
|Bulletin ID||Vulnerability ID||Rule Number and Title||Deep Security Pattern Version||Deep Security Pattern Release Date|
|MS11-100||CVE-2011-3414||1004886 - Microsoft ASP.NET Hashes Denial Of Service Vulnerability (CVE-2011-3414)||11-036||Dec 30, 2011|
|MS11-100||CVE-2011-3415||1004887 - Microsoft ASP.NET Framework Forms Authentication URI Spoofing Vulnerability (CVE-2011-3415)||11-037||Dec 31, 2011|
|CVE-2011-3416||1000128 - HTTP Protocol Decoding||11-014||May 4, 2011|