| Vulnerability Name: | CCN-105112 | ||||||
| Published: | 2015-07-25 | ||||||
| Updated: | 2015-07-25 | ||||||
| Summary: | Microsoft .NET Framework is vulnerable to an integer overflow, caused by improper size validation by the AllocHGlobalIntPtrArray() method. By passing an improper size parameter, a local attacker could overflow the integer value and allocate a heap buffer that is too small, resulting in application crash and possible code execution. | ||||||
| CVSS v3 Severity: | 2.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L) 2.3 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L/E:P/RL:U/RC:R)
| ||||||
| CVSS v2 Severity: | 1.0 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:N/I:N/A:P)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat, 25 Jul 2015 09:02:37 +0200 Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Source: CCN Type: Full Disclosure Mailing List, Sat, 25 Jul 2015 09:02:20 +0200 Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Source: XF Type: UNKNOWN ms-dotnet-directoryservices-int-overflow(105112) Source: CCN Type: Securify Advisory Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||