CVE-2010-4254

Mono < 2.3.0 - Improper Input Validation

Title source: rule
STIX 2.1

Description

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Chris Howie · textdoslinux
https://www.exploit-db.com/exploits/15974

References (13)

Core 13
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42373
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15974
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=655847
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42877
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45051
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0076
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=654136

Scores

EPSS 0.1568
EPSS Percentile 94.8%

Details

CWE
CWE-20
Status published
Products (7)
mono/mono
novell/moonlight 2.99.0
novell/moonlight 2.99.1
novell/moonlight 2.99.2
novell/moonlight 2.99.7
novell/moonlight 2.99.9
novell/moonlight < 2.3.0
Published Dec 06, 2010
Tracked Since Feb 18, 2026