CVE-2015-2504

2015-09-0900:59:00

CWE-119

[email protected]

web.nvd.nist.gov

111

microsoft

.net framework

elevation of privilege

vulnerability

cve-2015-2504

nvd

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.241 Low

EPSS

Percentile

96.5%

JSON

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka “.NET Elevation of Privilege Vulnerability.”

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.0
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5.1
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5.2
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0
microsoft:.net_frameworkmicrosoft .net frameworkeq4.6
microsoft:.net_frameworkmicrosoft .net frameworkeq4.5
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5.1

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.0
microsoft:.net_framework	microsoft .net framework	eq	4.5.1
microsoft:.net_framework	microsoft .net framework	eq	4.5.2
microsoft:.net_framework	microsoft .net framework	eq	2.0
microsoft:.net_framework	microsoft .net framework	eq	4.6
microsoft:.net_framework	microsoft .net framework	eq	4.5
microsoft:.net_framework	microsoft .net framework	eq	3.5
microsoft:.net_framework	microsoft .net framework	eq	3.5.1