Pavel Minaev

**Name of the Vulnerable Software and Affected Versions** Microsoft .NET Framework versions 1.0 SP3 through 2.0 SP1 **Description** The issue allows remote attackers to obtain unintended access to stack memory and execute arbitrary code via crafted applications, including XAML browser applications, ASP.NET applications, or .NET Framework applications. A remote code execution vulnerability exists in the Microsoft .NET Framework, which could allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used, leading to arbitrary unmanaged code execution. **Recommendations** For Microsoft .NET Framework versions 1.0 SP3 through 2.0 SP1, update to a version that properly validates .NET verifiable code to prevent remote attackers from obtaining unintended access to stack memory. As a temporary workaround, consider restricting the execution of crafted .NET applications to minimize the risk of exploitation.