CVE-2011-0664

Loading...

General

Score:9.3/10.0
Severity:High
Category:Input Validation Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 16/06/11 - Updated on 19/09/17

Description

Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2011-0664
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2011-AVI-347
Microsoft MS11-039
Renater 2011/VULN430

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
microsoft.net_framework
microsoftsilverlight

Share this vulnerability with:

Twitter Facebook LinkedIn Mail