Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
21 Nov 2024, 00:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.us-cert.gov/cas/techalerts/TA09-286A.html - US Government Resource | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5716 - |
07 Dec 2023, 18:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:* |
Information
Published : 2009-10-14 10:30
Updated : 2024-11-21 00:59
NVD link : CVE-2009-0090
Mitre link : CVE-2009-0090
CVE.ORG link : CVE-2009-0090
JSON object : View
Products Affected
microsoft
- windows_vista
- windows_7
- .net_framework
- windows_xp
- windows_2000
- windows_server_2003
- windows_server_2008
CWE
CWE-264
Permissions, Privileges, and Access Controls