CVE-2009-2497

The Common Language Runtime CLR in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP, 2 a crafted Silverlight application, ...

CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via 1 a crafted XAML browser application XBAP, 2 a crafted ASP.NET application, or 3 a...

PT-2009-4904 · Microsoft · Xaml +3

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 through 3.5 SP1 Silverlight version 2 Description: The issue allows remote attackers to execute arbitrary code via a crafted application. A remote code execution vulnerability exists in the Microsoft .NET...

Microsoft .NET Framework指针校验远程代码执行漏洞(MS09-059)

Bugraq ID: 36611 CVE ID：CVE-2009-0090 Microsoft .NET Framework是一个流行的软件开发工具包。 Microsoft .NET Framework存在一个远程代码执行漏洞，允许恶意Microsoft .NET应用程序获得一个可管理的指针给长久不使用的栈内存，恶意Microsoft .NET应用程序之后可使用此指针修改位于之后栈中的合法值，导致任意未管理的代码执行。 目前没有详细漏洞细节提供。 Microsoft .NET Framework 1.x Microsoft .NET Framework 2.x Microsoft .NE...

Microsoft Silverlight和.NET Framework CLR接口处理远程代码执行漏洞(MS09-059)

Bugraq ID: 36611 CVE ID：CVE-2009-0090 Microsoft .NET Framework是一个流行的软件开发工具包。 Microsoft .NET Framework存在一个远程代码执行漏洞，允许恶意Microsoft .NET应用程序获得一个可管理的指针给长久不使用的栈内存，恶意Microsoft .NET应用程序之后可使用此指针修改位于之后栈中的合法值，导致任意未管理的代码执行。 目前没有详细漏洞细节提供。 Microsoft .NET Framework 1.x Microsoft .NET Framework 2.x Microsoft .NE...

Microsoft .NET Framework类型校验远程代码执行漏洞(MS09-059)

Bugraq ID: 36617 CVE ID：CVE-2009-0091 Microsoft .NET Framework是一个流行的软件开发工具包。 Microsoft .NET Framework存在一个远程代码执行漏洞，允许恶意Microsoft .NET应用程序绕过类型等式检查，恶意Microsoft .NET应用程序通过指派某个对象类型为其他类型，导致任意未管理代码执行。 目前没有详细漏洞细节提供。 Microsoft .NET Framework 1.x Microsoft .NET Framework 2.x Microsoft .NET Framework 3.x...

Microsoft Security Bulletin MS09-061 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)

Microsoft Security Bulletin MS09-061 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution 974378 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves three privately reported...

PT-2009-2790 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3 through 2.0 SP1 Description: The issue allows remote attackers to obtain unintended access to stack memory and execute arbitrary code via crafted applications, including XAML browser applications,...

MS09-061: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to obtain a managed pointer to stack...

Microsoft Ships Largest Batch of Security Patches

Microsoft today released its largest ever batch of Patch Tuesday updates to fix a whopping 34 security holes in a wide range of widely deployed software products. The latest patch batch covers critical vulnerabilities in software products that are bundled with Microsoft’s dominant Windows operati...

Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library within the .NET framework fails to properly handle certain API calls. Successful exploits can allow an attacker to execute arbitrary code with the privileges of the currently...

Microsoft Internet Explorer HTML Component Handling Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...

Microsoft .NET Framework Pointer Verification Remote Code Execution Vulnerability

Description The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...

Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability

Description Microsoft Silverlight and .NET Framework are prone to a remote code-execution vulnerability because they fail to properly handle interfaces when running .NET applications. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-i...

Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability

Description The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

Denial of service

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service daemon outage via a series of crafted HTTP requests, aka "Remote...

CVE-2009-1536

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service daemon outage via a series of crafted HTTP requests, aka "Remote...

CVE-2009-1536

Summary of CVE-2009-1536 (MS09-036). A Denial of Service vulnerability exists in the Microsoft .NET Framework when ASP.NET is used in IIS 7.0 in integrated mode. The issue stems from improper management of request scheduling in ASP.NET, which could allow remote attackers to cause a Web server to ...

Microsoft .NET Framework请求调度远程拒绝服务漏洞（MS09-036）

BUGTRAQ ID: 35985 CVECAN ID: CVE-2009-1536 Microsoft .NET Framework是一个流行的软件开发工具包。 ASP.NET管理请求调度的方式存在拒绝服务漏洞。攻击者可以创建特制的匿名HTTP请求导致受影响的Web服务器变得没有响应，直到重启相关的应用池。 仅可通过IIS 7.0暴露Microsoft .NET Framework中的漏洞代码。对于没有运行IIS 7.0的系统，无法利用这个漏洞。 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 Microsof...