Improper input validation in Microsoft .Net_framework
CVE-2010-3958
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2)…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.565 (98.2th percentile) — read the EPSS interpretation.
Affected products
- Microsoft .Net_framework — versions 4.0, 3.5.1, 2.0
- Microsoft Windows_2003_server
- Microsoft Windows_7
- Microsoft Windows_server_2003
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_vista
- Microsoft Windows_xp
- N/a — versions n/a
Weakness classification (CWE)
References
- TA11-102A (US Government Resource, x_refsource_CERT, third-party-advisory)
- oval:org.mitre.oval:def:12406 (x_refsource_OVAL, signature, vdb-entry)
- MS11-028 (x_refsource_MS, vendor-advisory)