[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-4254Date: (C)2010-12-06   (M)2023-12-22


Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
EXPLOIT-DB-15974
SECUNIA-42373
SECUNIA-42877
BID-45051
ADV-2011-0076
SUSE-SR:2010:024
SUSE-SR:2011:001
http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
https://bugzilla.novell.com/show_bug.cgi?id=654136
https://bugzilla.novell.com/show_bug.cgi?id=655847
https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac

CPE    1
cpe:/a:mono:mono
CWE    1
CWE-20
OVAL    2
oval:org.secpod.oval:def:101343
oval:org.secpod.oval:def:101340

© SecPod Technologies