Home

CVE-2010-3958

Description

The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka .NET Framework Stack Corruption Vulnerability.

Risk Information

Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
56.465

Associated Vulnerability

VulnerabilityOS Platform
Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP(KB2446704) x86 based systemsWindows
Security Update for Microsoft .NET Framework 4(KB2446708) x86 based systemsWindows
Security Update for Microsoft .NET Framework 4(KB2446708) x64 bases systemsWindows
Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP(KB2446704) x64 bases systemsWindows
Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008(KB2449741) x86 based systemsWindows
Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008(KB2449741) x64 bases systemsWindows
Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2(KB2449742) x86 based systemsWindows
Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2(KB2449742) x64 bases systemsWindows
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2(KB2446709) x86 based systemsWindows
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2(KB2446709) x64 bases systemsWindows
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1(KB2446710) x86 based systemsWindows
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1(KB2446710) x64 bases systemsWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-10091Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP
PATCH-10092Security Update for Microsoft .NET Framework 4
PATCH-10093Security Update for Microsoft .NET Framework 4
PATCH-10094Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP
PATCH-10095Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008
PATCH-10096Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008
PATCH-10097Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2
PATCH-10098Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2
PATCH-10099Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2
PATCH-10100Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2
PATCH-10101Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1
PATCH-10102Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234