CVE-2009-0090
First published: Wed Oct 14 2009(Updated: )
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Microsoft Windows 2000 | =sp4 | |
| Any of | ||
| Microsoft .NET Framework 4 | =1.1-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp2 | |
| All of | ||
| Any of | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Any of | ||
| Microsoft .NET Framework 4 | =1.1-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp2 | |
| Microsoft .NET Framework 4 | =3.5 | |
| Microsoft .NET Framework 4 | =3.5-sp1 | |
| All of | ||
| Any of | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Any of | ||
| Microsoft .NET Framework 4 | =1.1-sp1 | |
| Microsoft .NET Framework 4 | =2.0 | |
| Microsoft .NET Framework 4 | =2.0-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp2 | |
| Microsoft .NET Framework 4 | =3.5 | |
| Microsoft .NET Framework 4 | =3.5-sp1 | |
| All of | ||
| Microsoft .NET Framework 4 | =1.1-sp1 | |
| Any of | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| All of | ||
| Any of | ||
| Microsoft .NET Framework 4 | =1.0-sp3 | |
| Microsoft .NET Framework 4 | =1.1-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp2 | |
| Microsoft .NET Framework 4 | =3.5 | |
| Microsoft .NET Framework 4 | =3.5-sp1 | |
| Any of | ||
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft .NET Framework 4 | =1.1-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp1 | |
| Microsoft .NET Framework 4 | =2.0-sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft .NET Framework 4 | =3.5 | |
| Microsoft .NET Framework 4 | =3.5-sp1 | |
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft .NET Framework 4 | =2.0 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft .NET Framework 4 | =1.0-sp3 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-0090?
CVE-2009-0090 has a critical severity rating due to its potential for remote code execution.
How do I fix CVE-2009-0090?
To fix CVE-2009-0090, you should apply the security update released by Microsoft as part of MS09-061.
What versions of the Microsoft .NET Framework are affected by CVE-2009-0090?
CVE-2009-0090 affects Microsoft .NET Framework versions 1.0 SP3, 1.1 SP1, 2.0 SP1, and other related versions.
Can CVE-2009-0090 be exploited through web applications?
Yes, CVE-2009-0090 can be exploited through crafted XAML browser applications (XBAP) and ASP.NET applications.
What systems are impacted by CVE-2009-0090?
CVE-2009-0090 impacts various versions of Microsoft Windows, including Windows 2000, Windows XP, Windows Server 2003, and more.
- collector/nvd-historical
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft .net framework 4
- version/microsoft .net framework 4/1.1-sp1
- version/microsoft .net framework 4/2.0-sp1
- version/microsoft .net framework 4/2.0-sp2
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft .net framework 4/3.5
- version/microsoft .net framework 4/3.5-sp1
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- version/microsoft .net framework 4/2.0
- canonical/microsoft windows 7
- version/microsoft windows server/r2
- version/microsoft .net framework 4/1.0-sp3
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3