9.3
CVE-2010-1898
- EPSS 54.7%
- Veröffentlicht 11.08.2010 18:47:50
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version2.0 Updatesp1
Microsoft ≫ .Net Framework Version2.0 Updatesp2
Microsoft ≫ .Net Framework Version3.5
Microsoft ≫ .Net Framework Version3.5 Updatesp1
Microsoft ≫ .Net Framework Version3.5.1
Microsoft ≫ Silverlight Version <= 3.0.40818.0
Microsoft ≫ Silverlight Version2.0.31005.00
Microsoft ≫ Silverlight Version2.0.40115.00
Microsoft ≫ Silverlight Version3.0.40624.00
Microsoft ≫ Silverlight Version3.0.40723.0
Microsoft ≫ Silverlight Version <= 3.0.50106.0
Microsoft ≫ Silverlight Version2.0.31005.00
Microsoft ≫ Silverlight Version2.0.40115.00
Microsoft ≫ Silverlight Version3.0.40624.00
Microsoft ≫ Silverlight Version3.0.40723.0
Microsoft ≫ Silverlight Version3.0.40818.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 54.7% | 0.978 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.