MS10-060: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The Microsoft .NET Common Language Runtime and/or Microsoft
Silverlight have multiple vulnerabilities.

Description :

The remote Windows host is running a version of the Microsoft .NET
Framework and/or Microsoft Silverlight affected by multiple
vulnerabilities :

- Silverlight improperly handles pointers in an unspecified
manner. A remote attacker could exploit this by tricking
a user into viewing a web page with maliciously crafted
Silverlight content. (CVE-2010-0019)

- An unspecified vulnerability in the .NET framework can
allow a specially crafted .NET or Silverlight application
to access memory, resulting in arbitrary unmanaged
code execution. (CVE-2010-1898)

See also :

Solution :

Microsoft has released a set of patches for .NET Framework 2.0, 3.5,
and Silverlight.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 48297 ()

Bugtraq ID: 42138

CVE ID: CVE-2010-0019