PT-2009-2790 · Microsoft · .Net Framework

Pavel Minaev · Published 2009-10-14 · Updated 2023-12-07 · CVE-2009-0090

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 1.0 SP3 through 2.0 SP1

Description

The issue allows remote attackers to obtain unintended access to stack memory and execute arbitrary code via crafted applications, including XAML browser applications, ASP.NET applications, or .NET Framework applications. A remote code execution vulnerability exists in the Microsoft .NET Framework, which could allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used, leading to arbitrary unmanaged code execution.

Recommendations

For Microsoft .NET Framework versions 1.0 SP3 through 2.0 SP1, update to a version that properly validates .NET verifiable code to prevent remote attackers from obtaining unintended access to stack memory. As a temporary workaround, consider restricting the execution of crafted .NET applications to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2009-0090

Affected Products

.Net Framework