5.8

CVE-2011-0989

The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MonoMono
NovellMoonlight Version2.0
NovellMoonlight Version2.3.0
NovellMoonlight Version2.4
NovellMoonlight Version2.31
NovellMoonlight Version3.0
NovellMoonlight Version3.99
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.69% 0.839
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.mono-project.com/Vulnerabilities
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
http://openwall.com/lists/oss-security/2011/04/06/14
Patch
http://secunia.com/advisories/44002
Vendor Advisory
http://secunia.com/advisories/44076
Vendor Advisory
http://www.securityfocus.com/bid/47208
http://www.vupen.com/english/advisories/2011/0904
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=667077
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66624
https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e
Patch