Use-After-Free Vulnerability in Moonlight by Novell
CVE-2011-0992

Currently unrated

Key Information:

Vendor: Novell
Status: Moonlight; Mono
Vendor: CVE Published:; 13 April 2011

Summary

A use-after-free vulnerability exists in the Moonlight plugin, specifically affecting versions 2.x prior to 2.4.1 and 3.x prior to 3.99.3. This flaw can be exploited by remote attackers to trigger a denial of service via plugin crashes or to leak sensitive data through manipulation of member data in a MonoThread instance that has been resurrected. Users of affected versions should consider upgrading to newer releases that rectify these security concerns.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66627

vdb-entryx_refsource_XF

https://bugzilla.novell.com/show_bug.cgi?id=678515

x_refsource_CONFIRM

https://bugzilla.novell.com/show_bug.cgi?id=667077

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Feb 14, 2011