exploitDog

GHSA-ff6w-hvc6-x733

Опубликовано: 04 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."

Ссылки

EPSS

Процентиль: 98%

0.56278

Средний

CVE ID

Дефекты

CWE-94

Связанные уязвимости

CVE-2012-0015

nvd

почти 14 лет назад

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."

EPSS

Процентиль: 98%

0.56278

Средний

CVE ID

Дефекты

CWE-94