Vulnerability Details CVE-2010-4254
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.199
EPSS Ranking 95.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
- http://secunia.com/advisories/42373
- http://secunia.com/advisories/42877
- http://www.exploit-db.com/exploits/15974
- http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
- http://www.securityfocus.com/bid/45051
- http://www.vupen.com/english/advisories/2011/0076
- https://bugzilla.novell.com/show_bug.cgi?id=654136
- https://bugzilla.novell.com/show_bug.cgi?id=655847
- https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
- https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
- https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
- http://secunia.com/advisories/42373
- http://secunia.com/advisories/42877
- http://www.exploit-db.com/exploits/15974
- http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
- http://www.securityfocus.com/bid/45051
- http://www.vupen.com/english/advisories/2011/0076
- https://bugzilla.novell.com/show_bug.cgi?id=654136
- https://bugzilla.novell.com/show_bug.cgi?id=655847
- https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
- https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
- https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
Products affected by CVE-2010-4254
-
cpe:2.3:a:mono:mono:-
-
cpe:2.3:a:mono:mono:1.0
-
cpe:2.3:a:mono:mono:1.0.5
-
cpe:2.3:a:mono:mono:1.1.13
-
cpe:2.3:a:mono:mono:1.1.13.4
-
cpe:2.3:a:mono:mono:1.1.13.6
-
cpe:2.3:a:mono:mono:1.1.13.7
-
cpe:2.3:a:mono:mono:1.1.17
-
cpe:2.3:a:mono:mono:1.1.17.1
-
cpe:2.3:a:mono:mono:1.1.18
-
cpe:2.3:a:mono:mono:1.1.4
-
cpe:2.3:a:mono:mono:1.1.8.3
-
cpe:2.3:a:mono:mono:1.2.5.1
-
cpe:2.3:a:mono:mono:2.0
-
cpe:2.3:a:mono:mono:2.10.1
-
cpe:2.3:a:novell:moonlight:*
-
cpe:2.3:a:novell:moonlight:2.99.0
-
cpe:2.3:a:novell:moonlight:2.99.1
-
cpe:2.3:a:novell:moonlight:2.99.2
-
cpe:2.3:a:novell:moonlight:2.99.7
-
cpe:2.3:a:novell:moonlight:2.99.9