CVE-2011-0989

The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*

Information

Published : 2011-04-13 14:55

Updated : 2017-08-16 18:33


NVD link : CVE-2011-0989

Mitre link : CVE-2011-0989


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

novell

  • moonlight

mono

  • mono