This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Microsoft - First view : 2012-05-08
Product : .Net Framework - Last view : 2020-05-21
Version : 3.0 - Type : Application
Update : sp2
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:microsoft:.net_framework

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-05-21 CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects, aka '.NET Framework Elevation of Privilege Vulnerability'.

9.8 2020-01-14 CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

8.8 2020-01-14 CVE-2020-0606

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

8.8 2020-01-14 CVE-2020-0605

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.

8.8 2019-07-15 CVE-2019-1113

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.

7.5 2019-07-15 CVE-2019-1083

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

7.5 2019-07-15 CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

5.5 2019-05-16 CVE-2019-0864

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

8.8 2019-03-05 CVE-2019-0613

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.

7.5 2019-01-08 CVE-2019-0545

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.

9.8 2018-09-12 CVE-2018-8421

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.

7.5 2018-08-15 CVE-2018-8360

An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.

5.5 2018-07-10 CVE-2018-8356

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

8.1 2018-07-10 CVE-2018-8284

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

7.8 2018-07-10 CVE-2018-8202

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

7.8 2018-05-09 CVE-2018-1039

A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.

5.5 2016-10-13 CVE-2016-3209

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."

5.9 2016-05-10 CVE-2016-0149

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."

8.8 2016-04-12 CVE-2016-0145

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

9.8 2016-03-09 CVE-2016-0132

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."

9.3 2015-08-14 CVE-2015-2464

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

9.3 2015-08-14 CVE-2015-2463

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2464.

9.3 2015-08-14 CVE-2015-2462

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

9.3 2015-08-14 CVE-2015-2460

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

9.3 2015-08-14 CVE-2015-2456

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2455.

CWE : Common Weakness Enumeration

% id Name
50% (16) CWE-20 Improper Input Validation
15% (5) CWE-200 Information Exposure
6% (2) CWE-295 Certificate Issues
6% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
6% (2) CWE-19 Data Handling
3% (1) CWE-399 Resource Management Errors
3% (1) CWE-269 Improper Privilege Management
3% (1) CWE-264 Permissions, Privileges, and Access Controls

OpenVAS Exploits

id Description
2012-05-09 Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
File : nvt/secpod_ms12-035.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0196 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080)
Severity: Category II - VMSKEY: V0061311
2014-A-0128 Microsoft .NET Framework Security Feature Bypass Vulnerability
Severity: Category II - VMSKEY: V0053805
2013-A-0232 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity: Category I - VMSKEY: V0042582
2013-A-0187 Multiple Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0040753
2013-A-0190 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity: Category I - VMSKEY: V0040763
2013-A-0135 Microsoft GDI+ Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0039199
2013-B-0071 Multiple Vulnerabilities in Microsoft .NET Framework and Silverlight
Severity: Category II - VMSKEY: V0039211
2012-A-0080 Multiple Remote Code Execution Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0032305

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-09-02 Microsoft .NET API XPS file parsing remote code execution attempt
RuleID : 54619 - Type : FILE-OTHER - Revision : 1
2020-09-02 Microsoft .NET API XPS file parsing remote code execution attempt
RuleID : 54618 - Type : FILE-OTHER - Revision : 1
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40409 - Type : FILE-OTHER - Revision : 2
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40408 - Type : FILE-OTHER - Revision : 2
2016-05-12 Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory acces...
RuleID : 38494 - Type : FILE-OTHER - Revision : 2
2016-05-12 Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory acces...
RuleID : 38493 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35530 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35529 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35526 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35525 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35524 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35523 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35520 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35519 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt
RuleID : 35516 - Type : OS-WINDOWS - Revision : 2
2015-09-10 Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt
RuleID : 35515 - Type : OS-WINDOWS - Revision : 2
2015-09-10 Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remo...
RuleID : 35492 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remo...
RuleID : 35491 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows atmfd.dll font driver malformed OTF file remote code execut...
RuleID : 35486 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows atmfd.dll font driver malformed OTF file remote code execut...
RuleID : 35485 - Type : FILE-OTHER - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34441 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34440 - Type : OS-WINDOWS - Revision : 2
2014-04-24 ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 30241 - Type : FILE-OTHER - Revision : 2
2014-04-24 ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 30240 - Type : FILE-OTHER - Revision : 2
2014-01-10 ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 28203 - Type : FILE-OTHER - Revision : 4

Nessus® Vulnerability Scanner

id Description
2016-10-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms16-120.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: A multimedia application framework installed on the remote macOS or Mac OS X ...
File: macosx_ms16-120.nasl - Type: ACT_GATHER_INFO
2016-05-10 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms16-065.nasl - Type: ACT_GATHER_INFO
2016-04-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms16-039.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote Windows host is affected by a security feature bypass vulnerability.
File: smb_nt_ms16-035.nasl - Type: ACT_GATHER_INFO
2015-08-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-080.nasl - Type: ACT_GATHER_INFO
2015-08-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-080.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO
2014-09-10 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-053.nasl - Type: ACT_GATHER_INFO
2014-08-12 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-046.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The .NET Framework install on the remote Windows host could allow arbitrary c...
File: smb_nt_ms13-082.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The Windows kernel drivers on the remote host are affected by multiple vulner...
File: smb_nt_ms13-081.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The remote Windows host has a remote code execution vulnerability.
File: smb_nt_ms13-054.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-053.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The .NET Framework install on the remote Windows host could allow arbitrary c...
File: smb_nt_ms13-052.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: The .NET Framework install on the remote Windows host could allow arbitrary c...
File: smb_nt_ms12-035.nasl - Type: ACT_GATHER_INFO