Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2012-05-08 |
| Product | .Net Framework | Last view | 2023-11-14 |
| Version | 3.0 | Type | Application |
| Update | sp2 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:.net_framework | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2023-11-14 | CVE-2023-36560 | ASP.NET Security Feature Bypass Vulnerability |
| 9.8 | 2023-11-14 | CVE-2023-36049 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| 7.8 | 2023-09-12 | CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability |
| 7.8 | 2023-09-12 | CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability |
| 7.8 | 2023-09-12 | CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability |
| 7.8 | 2023-09-12 | CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability |
| 7.8 | 2023-09-12 | CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability |
| 7.5 | 2023-06-14 | CVE-2023-32030 | .NET and Visual Studio Denial of Service Vulnerability |
| 7.5 | 2023-06-14 | CVE-2023-29331 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| 7.8 | 2023-06-14 | CVE-2023-29326 | .NET Framework Remote Code Execution Vulnerability |
| 7.5 | 2023-06-14 | CVE-2023-24936 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| 7.8 | 2023-06-14 | CVE-2023-24895 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| 5 | 2023-02-14 | CVE-2023-21722 | .NET Framework Denial of Service Vulnerability |
| 7.8 | 2022-12-13 | CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability |
| 7.8 | 2022-09-13 | CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability. |
| 3.3 | 2022-05-10 | CVE-2022-30130 | .NET Framework Denial of Service Vulnerability |
| 7.5 | 2022-04-15 | CVE-2022-26832 | .NET Framework Denial of Service Vulnerability. |
| 7.8 | 2020-05-21 | CVE-2020-1066 | An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'. |
| 9.8 | 2020-01-14 | CVE-2020-0646 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. |
| 8.8 | 2020-01-14 | CVE-2020-0606 | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605. |
| 8.8 | 2020-01-14 | CVE-2020-0605 | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606. |
| 8.8 | 2019-07-15 | CVE-2019-1113 | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. |
| 7.5 | 2019-07-15 | CVE-2019-1083 | A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. |
| 7.5 | 2019-07-15 | CVE-2019-1006 | An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. |
| 5.5 | 2019-05-16 | CVE-2019-0864 | A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 46% (14) | CWE-20 | Improper Input Validation |
| 16% (5) | CWE-200 | Information Exposure |
| 6% (2) | CWE-295 | Certificate Issues |
| 6% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 6% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 6% (2) | CWE-19 | Data Handling |
| 3% (1) | CWE-399 | Resource Management Errors |
| 3% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 3% (1) | CWE-91 | XML Injection (aka Blind XPath Injection) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-05-09 | Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2693777) File : nvt/secpod_ms12-035.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0196 | Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080) Severity: Category II - VMSKEY: V0061311 |
| 2014-A-0128 | Microsoft .NET Framework Security Feature Bypass Vulnerability Severity: Category II - VMSKEY: V0053805 |
| 2013-A-0135 | Microsoft GDI+ Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0039199 |
| 2013-B-0071 | Multiple Vulnerabilities in Microsoft .NET Framework and Silverlight Severity: Category II - VMSKEY: V0039211 |
| 2012-A-0080 | Multiple Remote Code Execution Vulnerabilities in Microsoft .NET Framework Severity: Category I - VMSKEY: V0032305 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-09-02 | Microsoft .NET API XPS file parsing remote code execution attempt RuleID : 54619 - Type : FILE-OTHER - Revision : 1 |
| 2020-09-02 | Microsoft .NET API XPS file parsing remote code execution attempt RuleID : 54618 - Type : FILE-OTHER - Revision : 1 |
| 2016-11-08 | Microsoft Windows malformed TrueType file RCVT out of bounds read attempt RuleID : 40409 - Type : FILE-OTHER - Revision : 2 |
| 2016-11-08 | Microsoft Windows malformed TrueType file RCVT out of bounds read attempt RuleID : 40408 - Type : FILE-OTHER - Revision : 2 |
| 2016-05-12 | Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory acces... RuleID : 38494 - Type : FILE-OTHER - Revision : 2 |
| 2016-05-12 | Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory acces... RuleID : 38493 - Type : FILE-OTHER - Revision : 2 |
| 2015-09-10 | Microsoft Windows malformed TTF table hmtx remote code execution attempt RuleID : 35530 - Type : FILE-OTHER - Revision : 2 |
| 2015-09-10 | Microsoft Windows malformed TTF table hmtx remote code execution attempt RuleID : 35529 - Type : FILE-OTHER - Revision : 2 |
| 2015-09-10 | Microsoft Windows TrueType font parsing integer underflow attempt RuleID : 35526 - Type : OS-WINDOWS - Revision : 4 |
| 2015-09-10 | Microsoft Windows TrueType font parsing integer underflow attempt RuleID : 35525 - Type : OS-WINDOWS - Revision : 4 |
| 2015-09-10 | Microsoft Windows TTF invalid system memory access attempt RuleID : 35524 - Type : OS-WINDOWS - Revision : 4 |
| 2015-09-10 | Microsoft Windows TTF invalid system memory access attempt RuleID : 35523 - Type : OS-WINDOWS - Revision : 4 |
| 2015-09-10 | Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt RuleID : 35520 - Type : FILE-OTHER - Revision : 3 |
| 2015-09-10 | Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt RuleID : 35519 - Type : FILE-OTHER - Revision : 3 |
| 2015-09-10 | Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt RuleID : 35516 - Type : OS-WINDOWS - Revision : 2 |
| 2015-09-10 | Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt RuleID : 35515 - Type : OS-WINDOWS - Revision : 2 |
| 2015-09-10 | Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remo... RuleID : 35492 - Type : FILE-OTHER - Revision : 3 |
| 2015-09-10 | Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remo... RuleID : 35491 - Type : FILE-OTHER - Revision : 3 |
| 2015-09-10 | Microsoft Windows atmfd.dll font driver malformed OTF file remote code execut... RuleID : 35486 - Type : FILE-OTHER - Revision : 2 |
| 2015-09-10 | Microsoft Windows atmfd.dll font driver malformed OTF file remote code execut... RuleID : 35485 - Type : FILE-OTHER - Revision : 2 |
| 2015-06-17 | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt RuleID : 34441 - Type : OS-WINDOWS - Revision : 2 |
| 2015-06-17 | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt RuleID : 34440 - Type : OS-WINDOWS - Revision : 2 |
| 2014-01-10 | Microsoft Internet Explorer xbap custom ISeralizable object exception attempt RuleID : 22080 - Type : BROWSER-IE - Revision : 7 |
| 2014-01-10 | Microsoft .NET framework EvidenceBase class remote code execution attempt RuleID : 22079 - Type : OS-WINDOWS - Revision : 7 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-10-12 | Name: A multimedia application framework installed on the remote macOS or Mac OS X ... File: macosx_ms16-120.nasl - Type: ACT_GATHER_INFO |
| 2016-10-12 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms16-120.nasl - Type: ACT_GATHER_INFO |
| 2016-05-10 | Name: The remote Windows host is affected by an information disclosure vulnerability. File: smb_nt_ms16-065.nasl - Type: ACT_GATHER_INFO |
| 2016-04-12 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms16-039.nasl - Type: ACT_GATHER_INFO |
| 2016-03-08 | Name: The remote Windows host is affected by a security feature bypass vulnerability. File: smb_nt_ms16-035.nasl - Type: ACT_GATHER_INFO |
| 2015-08-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-080.nasl - Type: ACT_GATHER_INFO |
| 2015-08-12 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms15-080.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO |
| 2015-05-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO |
| 2014-09-10 | Name: The version of the .NET Framework installed on the remote host is affected by... File: smb_nt_ms14-053.nasl - Type: ACT_GATHER_INFO |
| 2014-08-12 | Name: The version of the .NET Framework installed on the remote host is affected by... File: smb_nt_ms14-046.nasl - Type: ACT_GATHER_INFO |
| 2013-07-10 | Name: The .NET Framework install on the remote Windows host could allow arbitrary c... File: smb_nt_ms13-052.nasl - Type: ACT_GATHER_INFO |
| 2013-07-10 | Name: The Windows kernel on the remote host is affected by multiple vulnerabilities. File: smb_nt_ms13-053.nasl - Type: ACT_GATHER_INFO |
| 2013-07-10 | Name: The remote Windows host has a remote code execution vulnerability. File: smb_nt_ms13-054.nasl - Type: ACT_GATHER_INFO |
| 2012-05-09 | Name: The .NET Framework install on the remote Windows host could allow arbitrary c... File: smb_nt_ms12-035.nasl - Type: ACT_GATHER_INFO |
