CVE-2008-5100

Published Nov 17, 2008

Last updated 6 years ago

Overview

Description: The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0.50727:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60D50F4D-1FDD-46C4-B289-7EF93106E44E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References