CVE-2015-2504 Information

Description

Microsoft .NET Framework 2.0 SP2 3.5 3.5.1 4 4.5 4.5.1 4.5.2 and 4.6 improperly counts objects before performing an array copy which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application aka .NET Elevation of Privilege Vulnerability.\

Reference

http://www.securityfocus.com/bid/76560 http://www.securitytracker.com/id/1033493 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-101