Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 13/04/2011 Updated: 17/08/2017

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x prior to 2.4.1 or 3.x prior to 3.99.3 is used, does not properly restrict data types, which allows remote malicious users to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell moonlight 3.99
novell moonlight 2.31
novell moonlight 2.0
novell moonlight 3.0
mono mono
novell moonlight 2.3.0
novell moonlight 2.4

CWE-264 http://secunia.com/advisories/44002 https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e http://www.vupen.com/english/advisories/2011/0904 http://www.securityfocus.com/bid/47208 http://openwall.com/lists/oss-security/2011/04/06/14 https://bugzilla.novell.com/show_bug.cgi?id=667077 http://www.mono-project.com/Vulnerabilities http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html http://secunia.com/advisories/44076 https://exchange.xforce.ibmcloud.com/vulnerabilities/66624 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-0989

Vulnerability Summary

References

Vulmon Search

About

Products

Connect