CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
OR cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
OR cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
OR cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

History

21 Nov 2024, 00:59

Type Values Removed Values Added
References () http://www.us-cert.gov/cas/techalerts/TA09-286A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA09-286A.html - US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5716 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5716 -

07 Dec 2023, 18:38

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*

Information

Published : 2009-10-14 10:30

Updated : 2024-11-21 00:59


NVD link : CVE-2009-0090

Mitre link : CVE-2009-0090

CVE.ORG link : CVE-2009-0090


JSON object : View

Products Affected

microsoft

  • windows_vista
  • windows_7
  • .net_framework
  • windows_xp
  • windows_2000
  • windows_server_2003
  • windows_server_2008
CWE
CWE-264

Permissions, Privileges, and Access Controls