CVE-2009-2497Code Injection in Microsoft NET Framework

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
37.2%
top 2.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedOct 14
Latest updateMay 2

Description

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/net_framework4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-v5qv-p4x6-222f: The Common Language Runtime (CLR) in Microsoft2022-05-02
CVEList
CVE-2009-2497: The Common Language Runtime (CLR) in Microsoft2009-10-14
CVE-2009-2497 — Code Injection in Microsoft | cvebase