Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Novell Moonlight Mono RuntimeHelpers.InitializeArray方法权限许可和访问控制漏洞
Vulnerability Description
Mono是一个自由开源的项目。该项目的目标是创建一系列符合ECMA标准(Ecma-334和Ecma-335)的.NET工具,包括C#编译器和通用语言架构。 当使用Moonlight 2.4.1之前的2.x版本或者3.99.3之前的3.x版本时,Mono中的metadata/icall.c的RuntimeHelpers.InitializeArray方法没有正确限制数据类型。远程攻击者可以借助特制媒体文件修改内部只读数据结构,导致拒绝服务(插件崩溃)或破坏安全管理器的内部状态,并绕过Moonlight的沙箱
CVSS Information
N/A
Vulnerability Type
N/A