CVE-2009-2497
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD
Description
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
Affected (26)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| Version 2.0 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 sp3 | |
| All versions |
References (6)
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.