CVE-2009-0090
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD
Description
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
Affected (26)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| Version 2.0 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 sp3 | |
| All versions |
Related CWEs
References (6)
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.