CVE-2011-1978
medium
Microsoft CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS Score
14.3%
Exploitation probability in 30 days
Top 6% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None
Published: August 10, 2011 (5391 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD
Vulnerability Report
Generated by CyberWatcher
Description
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
CWE
CWE-200Affected Products
microsoft .net framework