CVE-2011-1253

CWE-26419 documents4 sources

Severity

9.3CRITICAL

EPSS

19.5%

top 4.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net Framework Microsoft Silverlight

Timeline

PublishedOct 12

Latest updateMay 13

Description

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/.net_framework5 versions+4

▶NVDmicrosoft/silverlight4.0.60531.0

🔴Vulnerability Details

GHSA

GHSA-93jp-mm4x-pff3: Microsoft↗2022-05-13

▶

CVEList

CVE-2011-1253: Microsoft↗2011-10-12

▶

📋Vendor Advisories

Red Hat

kernel: /proc/PID/io infoleak↗2011-06-21

▶

Red Hat

kernel: taskstats: duplicate entries in listener mode can lead to DoS↗2011-06-16

▶

Red Hat

kernel: ext4: kernel panic when writing data to the last block of sparse file↗2011-06-03

▶

Red Hat

kernel: nl80211: missing check for valid SSID size in scan operations↗2011-05-18

▶

Red Hat

kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls↗2011-04-14

▶