Lucene search

[email protected]CVE-2008-5100

HistoryNov 17, 2008 - 6:18 p.m.

CVE-2008-5100

2008-11-1718:18:47

CWE-310

[email protected]

web.nvd.nist.gov

microsoft

.net framework

sn implementation

digital signature

global assembly cache

code access security

nvd

cve-2008-5100

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.

Affected configurations

NVD

Node

microsoft.net_frameworkMatch2.0.50727

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0.50727

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	2.0.50727

References

securityreason.com/securityalert/4605

www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx

www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555

www.securityfocus.com/archive/1/498311/100/0/threaded

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for CVE-2008-5100

cvelist1 prion1 nvd1