Security vulnerability allows violation of the type system and possibly execution of arbitrary code

Bug #691780 reported by Chris Howie on 2010-12-18
336
Affects Status Importance Assigned to Milestone
moon (Ubuntu)
Undecided
Unassigned

Bug Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254
http://secunia.com/advisories/42373/

A bug in generics allows violation of the type system. When paired with delegate types, this may allow a crafted Moonlight application to execute arbitrary code. 2.3.0.1 is the most recent version and is currently the only 2.x version free of this bug.

CVE References

Chris Howie (chrishowie) wrote :

My bad, 2.99.0.10 is also free of the bug.

visibility: private → public
visibility: public → private
description: updated
visibility: private → public
Changed in moon (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers