CVE-2016-0148

Опубликовано: 12 апр. 2016

Источник: msrc

EPSS Низкий

Описание

.NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application.

The security update addresses the vulnerability by correcting how .NET validates input on library load.

Обновления

Продукт	Статья	Обновление
Microsoft .NET Framework 4.6 on Windows Vista Service Pack 2	3143693	Security Update
Microsoft .NET Framework 4.6 on Windows Vista x64 Edition Service Pack 2	3143693	Security Update
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2	3143693	Security Update
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2	3143693	Security Update
Microsoft .NET Framework 4.6/4.6.1 on Windows 7 for 32-bit Systems Service Pack 1	3143693	Security Update
Microsoft .NET Framework 4.6/4.6.1 on Windows 7 for x64-based Systems Service Pack 1	3143693	Security Update
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1	3143693	Security Update
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	3143693	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Yes

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 91%

0.07287

Низкий

Связанные уязвимости

CVE-2016-0148

CVSS3: 7.8

nvd

около 9 лет назад

Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."

GHSA-c286-rjqc-8qxh

CVSS3: 7.8

github

около 3 лет назад

Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."

BDU:2016-01015

fstec

около 9 лет назад

Уязвимость программной платформы Microsoft .NET Framework, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 91%

0.07287

Низкий