CVE-2011-0989

Currently unrated

Key Information:

Vendor: Novell
Status: Moonlight; Mono
Vendor: CVE Published:; 13 April 2011

Summary

The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.

References

https://bugzilla.novell.com/show_bug.cgi?id=667077

x_refsource_CONFIRM

http://www.securityfocus.com/bid/47208

vdb-entryx_refsource_BID

http://openwall.com/lists/oss-security/2011/04/06/14

mailing-listx_refsource_MLIST

EPSS Score

4% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Feb 14, 2011

Collectors

NVD DatabaseMitre Database