The .NET Framework itself is no different from the C++ runtime. It runs at the same level as your application.

As long as your application doesn't listen on an external port, the attack surface is not increased.

If, for some reason, you have to run something like 10+ year old FTP software, every security implication you can think of applies here.

The following is specific to .NET v1.1: AFAIK, the installation itself does not contain parts that need to listen on the network. So as long as you don't install/enable IIS on that machine, it shouldn't create more holes for bad guys to dig in. You could really just treat it as an old C++ runtime.
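
One way to check the listening-port condition described above, as an added example that is not part of the original answer: it parses Windows `netstat -ano` output and reports sockets bound to non-loopback addresses, which are the ones other hosts can reach. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from a real machine).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.10:49702     52.1.2.3:443           ESTABLISHED     4120
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::1]:5000             [::]:0                 LISTENING       3000
  UDP    0.0.0.0:5353           *:*                                    2100
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[fe80::1%12]:546' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return host, int(port)


def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port, pid) for non-loopback listeners."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows have a State column; only LISTENING sockets accept connections.
        if fields[0] == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue
        # UDP rows have no State column: Proto, Local, Foreign, PID.
        if fields[0] == "UDP" and len(fields) != 4:
            continue
        host, port = split_endpoint(fields[1])
        if ipaddress.ip_address(host).is_loopback:
            continue  # reachable only from the local machine
        found.add((fields[0], host, port, int(fields[-1])))
    return sorted(found)


if __name__ == "__main__":
    for proto, host, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto} {host}:{port} owned by PID {pid}")
```

Map each reported PID to a process name (for example with `tasklist /FI "PID eq <pid>"`) to see whether a listener belongs to your application, to IIS, or to something else.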