VYPR
Unrated severityNVD Advisory· Published Sep 9, 2015· Updated Jun 17, 2026

CVE-2015-2504

CVE-2015-2504

Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
    • (no CPE)range: 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.