CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-5100

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile6.15th
Published2008年11月17日
Last Modified2026年4月23日

Vulnerability Description

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.

Affected Platforms (CPE)

📦
Microsoft

.net Framework

= 2.0.50727

References & Advisories

🔗 http://securityreason.com/securityalert/4605
🔗 http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx
🔗 http://www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555
🔗 http://www.securityfocus.com/archive/1/498311/100/0/threaded
🔗 http://securityreason.com/securityalert/4605
🔗 http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx
🔗 http://www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555
🔗 http://www.securityfocus.com/archive/1/498311/100/0/threaded

相关漏洞威胁

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...