Ubuntu.comUB:CVE-2011-0989CVE-2011-0989
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.04 Low
EPSS
Percentile
92.0%
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when
Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly
restrict data types, which allows remote attackers to modify internal
read-only data structures, and cause a denial of service (plugin crash) or
corrupt the internal state of the security manager, via a crafted media
file, as demonstrated by modifying a C# struct.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | upstream note: The bug (and fix) is in mono source code but can only be exploited (by untrusted applications) when used by Moonlight. Setting severity to negligible. |
| jdstrand | 2.10.5-1 has the fixes in source |
Related
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.04 Low
EPSS
Percentile
92.0%