Description of the security update for the .NET Framework 2.0 for Windows Vista: July 10, 2007
Description: A security issue has been identified that could allow an attacker to compromise your Windows-based system running the Microsoft .NET Framework and gain access to restricted data. You can help protect your computer by installing this update from Microsoft.
Update type: Important
Release date: July 10, 2007
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/929916
Comments: Though not specifically for the core of Vista, all Vista releases include IE7, so it is relevant. This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update addresses two vulnerabilities by modifying the way .NET Framework addresses buffer allocation. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Details also available in security bulletin MS07-040.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB929916.