CVE-2010-3958
Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, 4.0 - Remote Code Execution via x86 JIT Compiler
Title source: llmDescription
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
References (3)
Core 3
Core References
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12406
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-028
Scores
EPSS
0.2359
EPSS Percentile
97.5%
Details
CWE
CWE-20
Status
published
Products (4)
microsoft/.net_framework
4.0
microsoft/.net_framework
3.5.1
microsoft/.net_framework
2.0 sp2
microsoft/.net_framework
3.5 sp1
Published
Apr 13, 2011
Tracked Since
Feb 18, 2026