Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4254

Severity: 7.5 HIGH
EPSS: 19.9% (top 4.54%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Dec 6
Latest update: May 17

Description

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: novell/moonlight 2.3.0 (+5)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-2fxv-5465-p76g: Mono, when Moonlight before 2 (2022-05-17)
CVEList
CVE-2010-4254: Mono, when Moonlight before 2 (2010-12-03)

💥 Exploits & PoCs (1)

Exploit-DB
Mono/Moonlight Generic Type Argument - Privilege Escalation (2011-01-11)

💬 Community (2)

Bugzilla
CVE-2010-4254 mono: vulnerability when Moonlight is used may allow arbitrary code execution (2010-12-04)
Bugzilla
CVE-2010-4254 mono: vulnerability when Moonlight is used may allow arbitrary code execution [fedora-all] (2010-12-04)
CVE-2010-4254 (HIGH CVSS 7.5) | cvebase.io