Description
.NET Framework Information Disclosure Vulnerability
An information disclosure vulnerability exists when .NET Framework improperly parses XML input containing a reference to an external entity.
An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.
To exploit the vulnerability, an attacker could create specially crafted XML data and induce an application to parse and validate the XML data. For example, an attacker could create an XML file and upload it to a web-based application.
The update addresses the vulnerability by modifying the way that the XML External Entity (XXE) parser parses XML input.
Updates
Product | Article | Update |
---|---|---|
Microsoft .NET Framework 4.6 on Windows Vista Service Pack 2 | ||
Microsoft .NET Framework 4.5.2 on Windows Vista x64 Edition Service Pack 2 | ||
Microsoft .NET Framework 4.6 on Windows Vista x64 Edition Service Pack 2 | ||
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 | ||
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | ||
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 | ||
Microsoft .NET Framework 4.6/4.6.1 on Windows 7 for 32-bit Systems Service Pack 1 | ||
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 | ||
Microsoft .NET Framework 4.6/4.6.1 on Windows 7 for x64-based Systems Service Pack 1 | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Related vulnerabilities
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."
A vulnerability in the Microsoft .NET Framework software platform that allows an attacker to read arbitrary files