Описание
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.0861
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
больше 3 лет назад
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
EPSS
Процентиль: 92%
0.0861
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94