Multiple vulnerabilities in Moonlight

Some vulnerabilities have been reported in Moonlight, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security features, and potentially compromise a user’s system, according to Secunia.

1. The “RuntimeHelpers.InitializeArray” implementation does not properly restrict the modification of read-only values, which can be exploited to e.g. crash plugins or corrupt the state of the security manager and bypass the Moonlight’s sandboxing limitations.

2. A race condition within the implementation of the Array.Copy “FastCopy” call can be exploited to e.g. crash plugins or corrupt the state of the security manager and bypass the Moonlight’s sandboxing limitations by modifying read-only values.

3. An error within Moonlight’s “DynamicMethod resurrection” implementation can be exploited to trigger a use-after-free condition.

4. An error when freeing unmanaged MonoThread instances can be exploited to e.g. disclose potentially sensitive information.

The vulnerabilities are reported in Moonlight 2.x prior to version 2.4.1.

Solution: Update to Moonlight 2.4.1.