CVE-2010-4254
7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.347 Low
EPSS
Percentile
97.1%
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
References
lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
secunia.com/advisories/42373
secunia.com/advisories/42877
www.exploit-db.com/exploits/15974
www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
www.securityfocus.com/bid/45051
www.vupen.com/english/advisories/2011/0076
bugzilla.novell.com/show_bug.cgi?id=654136
bugzilla.novell.com/show_bug.cgi?id=655847
github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
Related
7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.347 Low
EPSS
Percentile
97.1%