Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0090

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0090
Last Modified 21 Aug 2010 01:29:43
Published 14 Oct 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0090

Summary

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 7 -

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Vista

  • Microsoft Windows Xp

  • Microsoft Windows Xp -

Application

  • Microsoft .net Framework 1.0

  • Microsoft .net Framework 1.1

  • Microsoft .net Framework 2.0

  • Microsoft .net Framework 3.5


References

CERT - TA09-286A

MS - MS09-061

Related Patches

MS09-061 Microsoft .NET Framework 2.0 Service Pack 1 Security Update for Windows Vista (KB974292)

MS09-061 Microsoft .NET Framework 2.0 Security Update for Windows Vista (KB974468)

MS09-061 Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows Vista (KB974467)

MS09-061 Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows Vista for x64-based Systems (KB974467)

MS09-061 Microsoft .NET Framework 2.0 Security Update for Windows Vista for x64-based Systems (KB974468)

MS09-061 Microsoft .NET Framework 2.0 Service Pack 1 Security Update for Windows Vista for x64-based Systems (KB974292)

Microsoft .NET Framework 1.1 SP1 (Rev 2)


Last Updated: 27 May 2016 10:50:06