CVE-2011-0992 - Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used,

CVE-2011-0992

Summary

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.

References

Vulnerable Configurations

cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:P

refmap via4

bid	47208
confirm	http://www.mono-project.com/Vulnerabilities https://bugzilla.novell.com/show_bug.cgi?id=667077 https://bugzilla.novell.com/show_bug.cgi?id=678515 https://bugzilla.redhat.com/show_bug.cgi?id=694933 https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91
mlist	[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update [oss-security] 20110406 Moonlight release 2.4.1 with security fixes
secunia	44002 44076
vupen	ADV-2011-0904
xf	momo-monothread-info-disclosure(66627)

Last major update

17-08-2017 - 01:33

Published

13-04-2011 - 21:55

Last modified

17-08-2017 - 01:33