Vulnerability Description
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | .Net Framework | 2.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/76560
- http://www.securitytracker.com/id/1033493
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-10
- http://www.securityfocus.com/bid/76560
- http://www.securitytracker.com/id/1033493
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-10
FAQ
What is CVE-2015-2504?
CVE-2015-2504 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a...
How severe is CVE-2015-2504?
CVE-2015-2504 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2504?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework.