CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5100

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile6.15th
PublishedNov 17, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.

Affected Platforms (CPE)

πŸ“¦
Microsoft

.net Framework

= 2.0.50727

References & Advisories

πŸ”— http://securityreason.com/securityalert/4605
πŸ”— http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx
πŸ”— http://www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555
πŸ”— http://www.securityfocus.com/archive/1/498311/100/0/threaded
πŸ”— http://securityreason.com/securityalert/4605
πŸ”— http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx
πŸ”— http://www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555
πŸ”— http://www.securityfocus.com/archive/1/498311/100/0/threaded

Related Vulnerabilities

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...