CVE-2010-4254 Information

Description

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints and possibly execute arbitrary code via a crafted method call.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://secunia.com/advisories/42373
http://secunia.com/advisories/42877
http://www.exploit-db.com/exploits/15974
http://www.mono-project.com/VulnerabilitiesMoonlight_Generic_Constraints_Bypass_Vulnerability
http://www.securityfocus.com/bid/45051
http://www.vupen.com/english/advisories/2011/0076
https://bugzilla.novell.com/show_bug.cgi?id=654136
https://bugzilla.novell.com/show_bug.cgi?id=655847
https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
