CVE-2010-3958: Input Validation

First published: Wed Apr 13 2011(Updated: )

The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."

Credit: secure@microsoft.com secure@microsoft.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-historical
• agent/type
• agent/author
• agent/event
• agent/softwarecombine
• agent/last-modified-date
• agent/first-publish-date
• collector/nvd-api
• agent/software-canonical-lookup-request
• agent/severity
• agent/references
• agent/weakness
• agent/description
• agent/tags
• collector/nvd-index
• collector/mitre-cve
• source/MITRE
• vendor/microsoft
• canonical/microsoft .net framework
• version/microsoft .net framework/4.0
• canonical/microsoft windows 2003 server
• version/microsoft windows 2003 server/sp2
• canonical/microsoft windows 7
• version/microsoft windows 7/sp1
• canonical/microsoft windows server 2003
• version/microsoft windows server 2003/sp2
• canonical/microsoft windows server 2008
• version/microsoft windows server 2008/sp2
• version/microsoft windows server 2008/r2
• canonical/microsoft windows vista
• version/microsoft windows vista/sp1
• version/microsoft windows vista/sp2
• canonical/microsoft windows xp
• version/microsoft windows xp/sp3
• version/microsoft windows xp/sp2
• version/microsoft .net framework/3.5.1
• version/microsoft .net framework/2.0-sp2
• version/microsoft .net framework/3.5-sp1