Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x prior to 2.4.1 or 3.x prior to 3.99.3 is used, allows remote malicious users to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
novell moonlight 2.31 |
||
novell moonlight 3.0 |
||
novell moonlight 3.99 |
||
mono mono |
||
novell moonlight 2.3.0 |
||
novell moonlight 2.4 |
||
novell moonlight 2.0 |