VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 14, 2009· Updated Apr 23, 2026

CVE-2009-2497

CVE-2009-2497

Description

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."

Affected products

26
  • Microsoft/.net Framework7 versions
    cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
  • Microsoft/Windows 2000
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • Microsoft/Windows 7
    cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
  • Microsoft/Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • Microsoft/Windows Server 20089 versions
    cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*+ 8 more
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • Microsoft/Windows Vista4 versions
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
  • Microsoft/Windows Xp3 versions
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.