CVE-2011-0989
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
El método RuntimeHelpers.InitializeArray de metadata/icall.c de Mono, si Moonlight 2.x anterior a 2.4.1 o 3.x anterior a 3.99.3 es utilizado, no restringe apropiadamente los tipos de datos, lo que permite a atacantes remotos modificar las estructuras de datos de sólo lectura internas, y provocar una denegación de servicio (caída o cuelgue del plugin) o coromper el estado interno del gestor de seguridad, a través de un fichero multimedia modificado, como se ha demostrado modificando una struct C#.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-02-14 CVE Reserved
- 2011-04-13 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html | Mailing List | |
http://www.mono-project.com/Vulnerabilities | X_refsource_confirm | |
http://www.securityfocus.com/bid/47208 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66624 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://openwall.com/lists/oss-security/2011/04/06/14 | 2017-08-17 | |
https://bugzilla.novell.com/show_bug.cgi?id=667077 | 2017-08-17 | |
https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e | 2017-08-17 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/44002 | 2017-08-17 | |
http://secunia.com/advisories/44076 | 2017-08-17 | |
http://www.vupen.com/english/advisories/2011/0904 | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mono Search vendor "Mono" | Mono Search vendor "Mono" for product "Mono" | * | - |
Affected
| ||||||
Novell Search vendor "Novell" | Moonlight Search vendor "Novell" for product "Moonlight" | 2.0 Search vendor "Novell" for product "Moonlight" and version "2.0" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Moonlight Search vendor "Novell" for product "Moonlight" | 2.3.0 Search vendor "Novell" for product "Moonlight" and version "2.3.0" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Moonlight Search vendor "Novell" for product "Moonlight" | 2.4 Search vendor "Novell" for product "Moonlight" and version "2.4" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Moonlight Search vendor "Novell" for product "Moonlight" | 2.31 Search vendor "Novell" for product "Moonlight" and version "2.31" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Moonlight Search vendor "Novell" for product "Moonlight" | 3.0 Search vendor "Novell" for product "Moonlight" and version "3.0" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Moonlight Search vendor "Novell" for product "Moonlight" | 3.99 Search vendor "Novell" for product "Moonlight" and version "3.99" | - |
Affected
|