CVSS: 7.7EPSS: 3%CPEs: 64EXPL: 2CVE-2011-1271 – Microsoft .NET Framework JIT Compiler - Optimization NULL String Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-1271
10 May 2011 — The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework applic... • https://www.exploit-db.com/exploits/35740 • CWE-264: Permissions, Privileges, and Access Controls CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 57%CPEs: 36EXPL: 0CVE-2010-3958
https://notcve.org/view.php?id=CVE-2010-3958
13 Apr 2011 — The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability." El compilador x86 JIT de Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, y 4.0 no compila apropiadamente las llamadas a funciones, lo que perm... • http://www.us-cert.gov/cas/techalerts/TA11-102A.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 55%CPEs: 12EXPL: 0CVE-2010-3228
https://notcve.org/view.php?id=CVE-2010-3228
13 Oct 2010 — The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." El Compilador JIT en Microsoft .NET Framework v4.0 en plataformas 64-bit no realiza adecuadamente optimizaciones, lo que permite a atacantes remotos ejecutar código de su elección a través de aplicaciones .NET manipuladas que ini... • http://www.us-cert.gov/cas/techalerts/TA10-285A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 89%CPEs: 8EXPL: 6CVE-2010-3332 – Microsoft ASP.NET - Padding Oracle (MS10-070)
https://notcve.org/view.php?id=CVE-2010-3332
22 Sep 2010 — Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." Microsoft .NET Framework versiones 1.1 SP1, 2.0 SP1 y SP2, 3.5, 3.5 SP1, 3... • https://www.exploit-db.com/exploits/15213 • CWE-209: Generation of Error Message Containing Sensitive Information •