CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
microsoftwindows_2000
*
microsoft.net_framework
1.1:sp1
microsoft.net_framework
2.0:sp1
microsoft.net_framework
2.0:sp2
microsoftwindows_server_2003
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
-
microsoftwindows_server_2008
-
microsoft.net_framework
1.1:sp1
microsoft.net_framework
2.0:sp1
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5:sp1
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoft.net_framework
1.1:sp1
microsoft.net_framework
2.0
microsoft.net_framework
2.0:sp1
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5:sp1
microsoft.net_framework
1.1:sp1
microsoftwindows_7
-
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoft.net_framework
1.0:sp3
microsoft.net_framework
1.1:sp1
microsoft.net_framework
2.0:sp1
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5:sp1
microsoftwindows_xp
*
microsoftwindows_xp
*
microsoftwindows_xp
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5716
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5716