CVE-2010-1898
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
El Common Language Runtime (CLR) de Microsoft .NET Framework v2.0 SP1, v2.0 SP2, v3.5, v3.5 SP1, y v3.5.1, y Microsoft Silverlight v2 y v3 anterior a v3.0.50611.0 en Windows y anterior a v3.0.41130.0 on Mac OS X, no maneja decuadamente intefaces y delegaciones de métodos virtuales, lo que permite a atacantes remotos ejecutar código de su elección a través de (1) una aplicación de navegador XAML manipulada (también conocida como XBAP), (2) una aplicación ASP.NET manipulada, o (3) una aplicación .NET Framework manipulada. También conocido cómo Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-05-11 CVE Reserved
- 2010-08-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA10-222A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | <= 3.0.40818.0 Search vendor "Microsoft" for product "Silverlight" and version " <= 3.0.40818.0" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 2.0.31005.00 Search vendor "Microsoft" for product "Silverlight" and version "2.0.31005.00" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 2.0.40115.00 Search vendor "Microsoft" for product "Silverlight" and version "2.0.40115.00" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 3.0.40624.00 Search vendor "Microsoft" for product "Silverlight" and version "3.0.40624.00" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 3.0.40723.0 Search vendor "Microsoft" for product "Silverlight" and version "3.0.40723.0" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | <= 3.0.50106.0 Search vendor "Microsoft" for product "Silverlight" and version " <= 3.0.50106.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 2.0.31005.00 Search vendor "Microsoft" for product "Silverlight" and version "2.0.31005.00" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 2.0.40115.00 Search vendor "Microsoft" for product "Silverlight" and version "2.0.40115.00" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 3.0.40624.00 Search vendor "Microsoft" for product "Silverlight" and version "3.0.40624.00" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 3.0.40723.0 Search vendor "Microsoft" for product "Silverlight" and version "3.0.40723.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 3.0.40818.0 Search vendor "Microsoft" for product "Silverlight" and version "3.0.40818.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 2.0 Search vendor "Microsoft" for product ".net Framework" and version "2.0" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 3.5 Search vendor "Microsoft" for product ".net Framework" and version "3.5" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 3.5 Search vendor "Microsoft" for product ".net Framework" and version "3.5" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | .net Framework Search vendor "Microsoft" for product ".net Framework" | 3.5.1 Search vendor "Microsoft" for product ".net Framework" and version "3.5.1" | - |
Affected
| ||||||