54 matches found
Input validation
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework...
Design/Logic Flaw
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework application, aka...
CVE-2011-1978
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET...
CVE-2011-0664
Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP...
Microsoft Silverlight & .NET Framework非法数组偏移远程代码执行漏洞
Bugtraq ID: 48212 CVE ID:CVE-2011-0664 Microsoft .NET Framework是一个流行的软件开发工具包。Microsoft Silverlight是一个跨浏览器的、跨平台的插件,为Web带来下一代媒体体验和丰富的交互式应用程序体验。 向可信API传递值时存在输入验证错误,攻击者构建特制的XAML浏览器应用XBAP或Silverlight应用,诱使用户解析,可以不安全方式访问内存。成功利用漏洞可以以应用程序安全上下文执行任意代码 Microsoft Silverlight 4.0 Microsoft Silverlight 3.0...
Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
This host is missing a critical security update according to Microsoft Bulletin MS11-039. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2011-1271
The CVE describes a JIT optimization flaw in Microsoft .NET Framework that mishandles null-string expressions, enabling context-dependent attackers to execute arbitrary code. Affected products/variants include .NET Framework 3.5 Gold/SP1 (and 3.5.1) and 4.0 when IsJITOptimizerDisabled is false. E...
Memory corruption
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework...
CVE-2010-3958
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework...
Internet Explorer Object Reference Counting Memory Corruption (MS07-069; CVE-2007-3902)
Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. A memory corruption vulnerability exist...
CVE-2009-2504
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Proje...
Design/Logic Flaw
The Common Language Runtime CLR in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP, 2 a crafted Silverlight application, ...
Design/Logic Flaw
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framewor...
CVE-2009-0091
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framewor...