What is CVE-2011-1271?

CVE-2011-1271 is a high-severity vulnerability in Microsoft .Net_framework, classified under CWE-264. CVSS score: 7.7/10. Published 2011-05-10.

How severe is CVE-2011-1271?

High severity. CVSS v3 base score is 7.7 out of 10.

NULL pointer dereference in Microsoft .Net_framework

CVE-2011-1271

The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended…

EPSS: 0.136 (94.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L.

Affected products

Microsoft .Net_framework — versions 4.0, 3.5.1, 2.0
Microsoft Windows_2003_server
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

References

oval:org.mitre.oval:def:12686 (x_refsource_OVAL, signature, vdb-entry)
MS11-044 (x_refsource_MS, vendor-advisory)
secure@microsoft.com (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2011-1271?: CVE-2011-1271 is a high-severity vulnerability in Microsoft .Net_framework, classified under CWE-264. CVSS score: 7.7/10. Published 2011-05-10.
How severe is CVE-2011-1271?: High severity. CVSS v3 base score is 7.7 out of 10.