Lucene search

[email protected]CVE-2009-0090

HistoryOct 14, 2009 - 10:30 a.m.

CVE-2009-0090

2009-10-1410:30:00

CWE-264

[email protected]

web.nvd.nist.gov

microsoft

.net framework

pointer verification

vulnerability

2009

cve-2009-0090

security issue

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.4 High

AI Score

Confidence

High

0.745 High

EPSS

Percentile

98.1%

JSON

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka “Microsoft .NET Framework Pointer Verification Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2000sp4

AND

microsoft.net_frameworkMatch1.1sp1

microsoft.net_frameworkMatch2.0sp1

microsoft.net_frameworkMatch2.0sp2

Node

microsoftwindows_server_2003sp2

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2itanium

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Match-sp2x86

AND

microsoft.net_frameworkMatch1.1sp1

microsoft.net_frameworkMatch2.0sp1

microsoft.net_frameworkMatch2.0sp2

microsoft.net_frameworkMatch3.5

microsoft.net_frameworkMatch3.5sp1

Node

microsoftwindows_vista

microsoftwindows_vistax64

microsoftwindows_vistasp1

microsoftwindows_vistasp2

AND

microsoft.net_frameworkMatch1.1sp1

microsoft.net_frameworkMatch2.0

microsoft.net_frameworkMatch2.0sp1

microsoft.net_frameworkMatch2.0sp2

microsoft.net_frameworkMatch3.5

microsoft.net_frameworkMatch3.5sp1

Node

microsoft.net_frameworkMatch1.1sp1

AND

microsoftwindows_7Match-

microsoftwindows_server_2008r2itanium

microsoftwindows_server_2008r2x64

Node

microsoft.net_frameworkMatch1.0sp3

microsoft.net_frameworkMatch1.1sp1

microsoft.net_frameworkMatch2.0sp1

microsoft.net_frameworkMatch2.0sp2

microsoft.net_frameworkMatch3.5

microsoft.net_frameworkMatch3.5sp1

AND

microsoftwindows_xpsp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:.net_frameworkmicrosoft .net frameworkeq1.1
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:.net_framework	microsoft .net framework	eq	1.1
microsoft:.net_framework	microsoft .net framework	eq	2.0