Lucene search

[email protected]CVE-2008-5100

HistoryNov 17, 2008 - 6:18 p.m.

CVE-2008-5100

2008-11-1718:18:00

CWE-310

[email protected]

web.nvd.nist.gov

microsoft

.net framework

sn implementation

digital signature

global assembly cache

code access security

nvd

cve-2008-5100

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.6%

JSON

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0.50727

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	2.0.50727

References

securityreason.com/securityalert/4605

www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx

www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555

www.securityfocus.com/archive/1/498311/100/0/threaded

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for CVE-2008-5100

prion1