Lucene search

K
cveMicrosoftCVE-2010-1898
HistoryAug 11, 2010 - 6:47 p.m.

CVE-2010-1898

2010-08-1118:47:50
CWE-94
microsoft
web.nvd.nist.gov
67
cve-2010-1898
common language runtime
clr
microsoft .net framework
microsoft silverlight
virtual method delegate
vulnerability
remote code execution
xaml
xbap
asp.net
.net framework

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.65

Percentile

98.0%

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka “Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.”

Affected configurations

Nvd
Node
microsoft.net_frameworkMatch2.0sp1
OR
microsoft.net_frameworkMatch2.0sp2
OR
microsoft.net_frameworkMatch3.5
OR
microsoft.net_frameworkMatch3.5sp1
OR
microsoft.net_frameworkMatch3.5.1
Node
microsoftsilverlightRange3.0.40818.0
OR
microsoftsilverlightMatch2.0.31005.00
OR
microsoftsilverlightMatch2.0.40115.00
OR
microsoftsilverlightMatch3.0.40624.00
OR
microsoftsilverlightMatch3.0.40723.0
AND
applemac_os_x
Node
microsoftsilverlightRange3.0.50106.0
OR
microsoftsilverlightMatch2.0.31005.00
OR
microsoftsilverlightMatch2.0.40115.00
OR
microsoftsilverlightMatch3.0.40624.00
OR
microsoftsilverlightMatch3.0.40723.0
OR
microsoftsilverlightMatch3.0.40818.0
AND
microsoftwindows
VendorProductVersionCPE
microsoft.net_framework2.0cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
microsoft.net_framework2.0cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
microsoft.net_framework3.5cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
microsoft.net_framework3.5cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
microsoft.net_framework3.5.1cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
microsoftsilverlight*cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*
microsoftsilverlight2.0.31005.00cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*
microsoftsilverlight2.0.40115.00cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*
microsoftsilverlight3.0.40624.00cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*
microsoftsilverlight3.0.40723.0cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 131

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.65

Percentile

98.0%