This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2014-09-09
Product .Net Framework Last view 2020-10-16
Version 4.5.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:.net_framework

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-10-16 CVE-2020-16937

An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory, aka '.NET Framework Information Disclosure Vulnerability'.
5.5 2020-08-17 CVE-2020-1476

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files, aka 'ASP.NET and .NET Elevation of Privilege Vulnerability'.
9.8 2020-01-14 CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.
8.8 2020-01-14 CVE-2020-0606

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.
8.8 2020-01-14 CVE-2020-0605

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
5.5 2019-09-11 CVE-2019-1142

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.
8.8 2019-07-15 CVE-2019-1113

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.
7.5 2019-07-15 CVE-2019-1083

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.
7.5 2019-07-15 CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
5.5 2019-05-16 CVE-2019-0864

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.
8.8 2019-03-05 CVE-2019-0613

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.
7.5 2019-01-08 CVE-2019-0545

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
9.8 2018-12-11 CVE-2018-8540

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2.
7.5 2018-12-11 CVE-2018-8517

A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
9.8 2018-09-12 CVE-2018-8421

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.
7.5 2018-08-15 CVE-2018-8360

An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
5.5 2018-07-10 CVE-2018-8356

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
8.1 2018-07-10 CVE-2018-8284

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
7.8 2018-07-10 CVE-2018-8202

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
7.8 2018-05-09 CVE-2018-1039

A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
7.8 2017-09-12 CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
7.5 2017-05-12 CVE-2017-0248

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
7.8 2017-04-12 CVE-2017-0160

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
5.5 2016-10-13 CVE-2016-3209

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
7.5 2016-07-12 CVE-2016-3255

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

CWE : Common Weakness Enumeration

%idName
34% (15) CWE-20 Improper Input Validation
20% (9) CWE-200 Information Exposure
6% (3) CWE-295 Certificate Issues
6% (3) CWE-94 Failure to Control Generation of Code ('Code Injection')
6% (3) CWE-19 Data Handling
4% (2) CWE-399 Resource Management Errors
4% (2) CWE-264 Permissions, Privileges, and Access Controls
4% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (1) CWE-310 Cryptographic Issues
2% (1) CWE-269 Improper Privilege Management
2% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (1) CWE-17 Code

ExploitDB Exploits

id Description
35280 .NET Remoting Services Remote Command Execution

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0213 Multiple Vulnerabilities in Microsoft .NET Framework (MS15-101)
Severity: Category II - VMSKEY: V0061387
2015-A-0196 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080)
Severity: Category II - VMSKEY: V0061311
2015-A-0105 Multiple Vulnerabilities in Microsoft .NET Framework (MS15-048)
Severity: Category II - VMSKEY: V0060647
2015-A-0089 Microsoft .NET Framework Information Disclosure Vulnerability (MS15-041)
Severity: Category I - VMSKEY: V0059893
2014-A-0173 Microsoft .NET Framework Remote Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0057383
2014-A-0147 Multiple Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0055427

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-09-02 Microsoft .NET API XPS file parsing remote code execution attempt
RuleID : 54619 - Type : FILE-OTHER - Revision : 1
2020-09-02 Microsoft .NET API XPS file parsing remote code execution attempt
RuleID : 54618 - Type : FILE-OTHER - Revision : 1
2017-10-17 RTF WSDL file download attempt
RuleID : 44372 - Type : FILE-OFFICE - Revision : 2
2017-10-17 RTF WSDL file download attempt
RuleID : 44371 - Type : FILE-OFFICE - Revision : 2
2017-10-12 WSDL soap endpoint location code injection attempt
RuleID : 44354 - Type : FILE-OTHER - Revision : 2
2017-10-12 WSDL soap endpoint location code injection attempt
RuleID : 44353 - Type : FILE-OTHER - Revision : 2
2017-05-11 Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt
RuleID : 42186 - Type : OS-WINDOWS - Revision : 3
2017-05-11 Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt
RuleID : 42185 - Type : OS-WINDOWS - Revision : 3
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40409 - Type : FILE-OTHER - Revision : 2
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40408 - Type : FILE-OTHER - Revision : 2
2016-03-15 Microsoft .NET Framework XSLT parser stack exhaustion attempt
RuleID : 37656 - Type : OS-WINDOWS - Revision : 3
2016-03-15 Microsoft .NET Framework XSLT parser stack exhaustion attempt
RuleID : 37655 - Type : OS-WINDOWS - Revision : 3
2016-03-14 Microsoft Windows ClickOnce information disclosure attempt
RuleID : 36713 - Type : OS-WINDOWS - Revision : 3
2016-03-14 Microsoft Windows ClickOnce information disclosure attempt
RuleID : 36712 - Type : OS-WINDOWS - Revision : 2
2015-10-14 Microsoft Windows System.DirectoryServices.Protocols.Utility class memory ove...
RuleID : 36015 - Type : OS-WINDOWS - Revision : 2
2015-10-14 Microsoft Windows System.DirectoryServices.Protocols.Utility class memory ove...
RuleID : 36014 - Type : OS-WINDOWS - Revision : 2
2015-10-06 Microsoft System.Uri heap corruption attempt
RuleID : 35857 - Type : FILE-OTHER - Revision : 4
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35530 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35529 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35526 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35525 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35524 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35523 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35520 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35519 - Type : FILE-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038781.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038777.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038782.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038783.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038788.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038792.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038799.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host has a software framework installed that is affected b...
File: smb_nt_ms17_sep_4041083.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_win2008.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4019474.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4019473.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4019472.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4019215.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host has a software framework installed that is affected b...
File: smb_nt_ms17_may_4019112.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4016871.nasl - Type: ACT_GATHER_INFO
2017-04-14 Name: The remote Windows host has a software framework installed that is affected b...
File: smb_nt_ms17_apr_4014981.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015221.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015583.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015219.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms16-120.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: A multimedia application framework installed on the remote macOS or Mac OS X ...
File: macosx_ms16-120.nasl - Type: ACT_GATHER_INFO
2016-07-12 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms16-091.nasl - Type: ACT_GATHER_INFO
2016-05-10 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms16-065.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote Windows host is affected by a security feature bypass vulnerability.
File: smb_nt_ms16-035.nasl - Type: ACT_GATHER_INFO
2016-02-09 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms16-019.nasl - Type: ACT_GATHER_INFO