1. Home
  2. CVE Database
  3. CVE-2009-0090
HIGH · 9.3

CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary...

Vulnerability Description

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftWindows 2000All versions
Microsoft.Net Framework1.1
MicrosoftWindows Server 2003All versions
MicrosoftWindows Server 2008All versions
MicrosoftWindows VistaAll versions
MicrosoftWindows 7-
MicrosoftWindows XpAll versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2009-0090?

CVE-2009-0090 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary...

How severe is CVE-2009-0090?

CVE-2009-0090 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0090?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft .Net Framework, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.