CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."

Published: Oct 14, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0090
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
microsoft / windows_2000	-	-
microsoft / .net_framework	1.1-sp1	1.1-sp1.x
microsoft / .net_framework	2.0-sp2	2.0-sp2.x
microsoft / .net_framework	2.0-sp1	2.0-sp1.x
microsoft / windows_server_2003	-	-
microsoft / windows_server_2008	-	-
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / .net_framework	3.5-sp1	3.5-sp1.x
microsoft / .net_framework	3.5	3.5.x
microsoft / windows_vista	-	-
microsoft / .net_framework	2.0	2.0.x
microsoft / .net_framework	1.0-sp3	1.0-sp3.x
microsoft / windows_xp	-	-
microsoft / windows_xp	--sp2	--sp2.x

Vulnerability Database

289,599

CVE-2009-0090