CVE-2009-0091
Published Oct 14, 2009
Last updated a year ago
Overview
- Description
- Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-94
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C684420-1614-4DAE-9BD9-F1FE9102A50F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A419F50E-F32C-461C-95D0-978C5351FBAA"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2B19826-5516-4899-9599-F95D0A03FBCD"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4B659D4-6EDD-4A31-A7CC-70B12EBEB4D8"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688"
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]