PT-2009-2791 · Microsoft · .Net Framework

Jeroen Frijters · Published 2009-10-14 · Updated 2023-12-07 · CVE-2009-0091

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 2.0 through 3.5

Description

A remote code execution issue exists due to improper enforcement of a type-equality constraint in .NET verifiable code. Remote attackers can execute arbitrary code via crafted applications, including XAML browser applications (XBAP), ASP.NET applications, or .NET Framework applications. A malicious Microsoft .NET application can bypass the type-equality check and cast an object of one type into another type, leading to arbitrary unmanaged code execution.

Recommendations

For Microsoft .NET Framework versions 2.0 through 3.5, update to a version that properly enforces type-equality constraints to prevent arbitrary code execution.

Fix

RCE

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2009-0091

Affected Products

.Net Framework