CVE-2017-0160

Опубликовано: 11 апр. 2017

Источник: msrc

EPSS Средний

Описание

.NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application.

The security update addresses the vulnerability by correcting how .NET validates input on library load.

Обновления

Продукт	Статья	Обновление
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1	4014981 4014985	Monthly Rollup Security Only
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1	4014981 4014985	Monthly Rollup Security Only
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1	4014981 4014985	Monthly Rollup Security Only
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4014981 4014985	Monthly Rollup Security Only
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1	4014981 4014985	Monthly Rollup Security Only
Microsoft .NET Framework 4.5.2 on Windows Vista Service Pack 2	4014984 4014988	Monthly Rollup Security Only
Microsoft .NET Framework 4.5.2 on Windows Vista x64 Edition Service Pack 2	4014984 4014988	Monthly Rollup Security Only
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2	4014984 4014988	Monthly Rollup Security Only
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2	4014984 4014988	Monthly Rollup Security Only
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1	4014981 4014985	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 95%

0.21605

Средний

Связанные уязвимости

CVE-2017-0160

CVSS3: 7.8

nvd

около 8 лет назад

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

GHSA-fp95-p83c-7h99

CVSS3: 7.8

github

около 3 лет назад

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

BDU:2017-02101

fstec

около 8 лет назад

Уязвимость программной платформы Microsoft .NET Framework, позволяющая нарушителю выполнить вредоносный код

EPSS

Процентиль: 95%

0.21605

Средний