CVE-2010-1898 - Vulnerability Details

Vendors	Products
Apple	Mac Os X
Microsoft	.net Framework Silverlight Windows

Link	Providers
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "TA10-222A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"}, {"name": "MS10-060", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"}, {"name": "oval:org.mitre.oval:def:12033", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2010-1898", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA10-222A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"}, {"name": "MS10-060", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"}, {"name": "oval:org.mitre.oval:def:12033", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:17:12.829Z"}, "title": "CVE Program Container", "references": [{"name": "TA10-222A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"}, {"name": "MS10-060", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"}, {"name": "oval:org.mitre.oval:def:12033", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2010-1898", "datePublished": "2010-08-11T18:00:00", "dateReserved": "2010-05-11T00:00:00", "dateUpdated": "2024-08-07T02:17:12.829Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2010-08-10T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability." (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-12T19:57:01 (string)

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

}

references : [ »

0 : { »

name : TA10-222A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA10-222A.html (string)

}

1 : { »

name : MS10-060 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060 (string)

}

2 : { »

name : oval:org.mitre.oval:def:12033 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@microsoft.com (string)

ID : CVE-2010-1898 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability." (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : TA10-222A (string)

refsource : CERT (string)

url : http://www.us-cert.gov/cas/techalerts/TA10-222A.html (string)

}

1 : { »

name : MS10-060 (string)

refsource : MS (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060 (string)

}

2 : { »

name : oval:org.mitre.oval:def:12033 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T02:17:12.829Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : TA10-222A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

2 : x_transferred (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA10-222A.html (string)

}

1 : { »

name : MS10-060 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

2 : x_transferred (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060 (string)

}

2 : { »

name : oval:org.mitre.oval:def:12033 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2010-1898 (string)

datePublished : 2010-08-11T18:00:00 (string)

dateReserved : 2010-05-11T00:00:00 (string)

dateUpdated : 2024-08-07T02:17:12.829Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*", "matchCriteriaId": "20B8341A-C2AC-4C81-A7E7-D79C8970027C", "versionEndIncluding": "3.0.40818.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*", "matchCriteriaId": "A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*", "matchCriteriaId": "F90BA702-AEA8-4CFA-8FE7-85EC3C36C893", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*", "matchCriteriaId": "8D5F951F-6DCB-4651-A99A-C7237025E00C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAAF6291-8E80-4DE5-820C-BA9778822194", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*", "matchCriteriaId": "D084CE43-A992-456C-A431-5D14EE6AF430", "versionEndIncluding": "3.0.50106.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*", "matchCriteriaId": "A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*", "matchCriteriaId": "F90BA702-AEA8-4CFA-8FE7-85EC3C36C893", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*", "matchCriteriaId": "8D5F951F-6DCB-4651-A99A-C7237025E00C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAAF6291-8E80-4DE5-820C-BA9778822194", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AB865CD-A8EC-4341-9DF8-D4D92351EE1D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""}, {"lang": "es", "value": "El Common Language Runtime (CLR) de Microsoft .NET Framework v2.0 SP1, v2.0 SP2, v3.5, v3.5 SP1, y v3.5.1, y Microsoft Silverlight v2 y v3 anterior a v3.0.50611.0 en Windows y anterior a v3.0.41130.0 on Mac OS X, no maneja decuadamente intefaces y delegaciones de m\u00e9todos virtuales, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) una aplicaci\u00f3n de navegador XAML manipulada (tambi\u00e9n conocida como XBAP), (2) una aplicaci\u00f3n ASP.NET manipulada, o (3) una aplicaci\u00f3n .NET Framework manipulada. Tambi\u00e9n conocido c\u00f3mo Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""}], "id": "CVE-2010-1898", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-08-11T18:47:50.250", "references": [{"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:* (string)

matchCriteriaId : F97EB992-2DC1-4E31-A298-072D8313130B (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 42A6DF09-B8E1-414D-97E7-453566055279 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : E039CE1F-B988-4741-AE2E-5B36E2AF9688 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 0C610747-93E5-4014-8ED2-47F333174832 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 8EDC4407-7E92-4E60-82F0-0C87D1860D3A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 20B8341A-C2AC-4C81-A7E7-D79C8970027C (string)

versionEndIncluding : 3.0.40818.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:* (string)

matchCriteriaId : A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:* (string)

matchCriteriaId : F90BA702-AEA8-4CFA-8FE7-85EC3C36C893 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:* (string)

matchCriteriaId : 8D5F951F-6DCB-4651-A99A-C7237025E00C (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:* (string)

matchCriteriaId : FAAF6291-8E80-4DE5-820C-BA9778822194 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0FF5999A-9D12-4CDD-8DE9-A89C10B2D574 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D084CE43-A992-456C-A431-5D14EE6AF430 (string)

versionEndIncluding : 3.0.50106.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:* (string)

matchCriteriaId : A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:* (string)

matchCriteriaId : F90BA702-AEA8-4CFA-8FE7-85EC3C36C893 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:* (string)

matchCriteriaId : 8D5F951F-6DCB-4651-A99A-C7237025E00C (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:* (string)

matchCriteriaId : FAAF6291-8E80-4DE5-820C-BA9778822194 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7AB865CD-A8EC-4341-9DF8-D4D92351EE1D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2CF61F35-5905-4BA9-AD7E-7DB261D2F256 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability." (string)

}

1 : { »

lang : es (string)

value : El Common Language Runtime (CLR) de Microsoft .NET Framework v2.0 SP1, v2.0 SP2, v3.5, v3.5 SP1, y v3.5.1, y Microsoft Silverlight v2 y v3 anterior a v3.0.50611.0 en Windows y anterior a v3.0.41130.0 on Mac OS X, no maneja decuadamente intefaces y delegaciones de métodos virtuales, lo que permite a atacantes remotos ejecutar código de su elección a través de (1) una aplicación de navegador XAML manipulada (también conocida como XBAP), (2) una aplicación ASP.NET manipulada, o (3) una aplicación .NET Framework manipulada. También conocido cómo Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability." (string)

}

]

id : CVE-2010-1898 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2010-08-11T18:47:50.250 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA10-222A.html (string)

}

1 : { »

source : secure@microsoft.com (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060 (string)

}

2 : { »

source : secure@microsoft.com (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA10-222A.html (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-94 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object