CVE-2010-1898
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD
Description
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
Affected (12)
Products: Microsoft: .net Framework, Silverlight
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.0 sp1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0.40818.0 |
| Running on/with | Platform Versions |
|---|---|
Apple Mac Os X | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0.50106.0 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows | All versions |
References (6)
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.