Security vulnerability allows violation of the type system and possibly execution of arbitrary code

Bug #691780 reported by Chris Howie
336
Affects Status Importance Assigned to Milestone
moon (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254
http://secunia.com/advisories/42373/

A bug in generics allows violation of the type system. When paired with delegate types, this may allow a crafted Moonlight application to execute arbitrary code. 2.3.0.1 is the most recent version and is currently the only 2.x version free of this bug.

CVE References

Revision history for this message
Chris Howie (chrishowie) wrote :

My bad, 2.99.0.10 is also free of the bug.

visibility: private → public
visibility: public → private
description: updated
visibility: private → public
Changed in moon (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.