CVE-2011-0990

Currently unrated

Key Information:

Vendor: Novell
Status: Moonlight; Mono
Vendor: CVE Published:; 13 April 2011

Summary

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.

References

https://bugzilla.novell.com/show_bug.cgi?id=667077

x_refsource_CONFIRM

http://www.securityfocus.com/bid/47208

vdb-entryx_refsource_BID

http://openwall.com/lists/oss-security/2011/04/06/14

mailing-listx_refsource_MLIST

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Feb 14, 2011

Collectors

NVD DatabaseMitre Database