CVE-2010-3958

Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, 4.0 - Remote Code Execution via x86 JIT Compiler

Title source: llm
STIX 2.1

Description

The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12406

Scores

EPSS 0.2359
EPSS Percentile 97.5%

Details

CWE
CWE-20
Status published
Products (4)
microsoft/.net_framework 4.0
microsoft/.net_framework 3.5.1
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5 sp1
Published Apr 13, 2011
Tracked Since Feb 18, 2026