The JIT compiler in Microsoft .NET Framework 3.5 Gold and...
Moderate severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Oct 17, 2024
Description
Published by the National Vulnerability Database
May 10, 2011
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Oct 17, 2024
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
References