CVE-2011-0664

2011-06-1620:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-0664

microsoft

.net framework

silverlight

remote code execution

vulnerability

nvd

networking api

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.261 Low

EPSS

Percentile

96.7%

JSON

Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka “.NET Framework Array Offset Vulnerability.”

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.0
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5.1
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5
microsoft:silverlightmicrosoft silverlighteq4.0.60310.0

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.0
microsoft:.net_framework	microsoft .net framework	eq	3.5.1
microsoft:.net_framework	microsoft .net framework	eq	2.0
microsoft:.net_framework	microsoft .net framework	eq	3.5
microsoft:silverlight	microsoft silverlight	eq	4.0.60310.0