A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
NETWORK | MEDIUM | NONE | COMPLETE | COMPLETE | COMPLETE |
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework Version 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2 (not an official CPE)
Microsoft .NET Framework 4.6 (not an official CPE)
Microsoft .NET Framework 4.6.1 (not an official CPE)
Microsoft .NET Framework 4.6.2 (not an official CPE)
Microsoft .NET Framework 4.7 (not an official CPE)
Microsoft .NET Framework 4.7.1 (not an official CPE)
Microsoft .NET Framework 4.7.2 (not an official CPE)
Microsoft Visual Studio 2017 - (not an official CPE)
Microsoft Visual Studio 2017 15.9 (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidanc... | |||
106872 |
Improper Restriction of Operations within the Bounds of a Memory Buffer (ID 119)
Related CAPEC 11
Buffer Overflow via Environment Variables (CAPEC-ID 10)
Overflow Buffers (CAPEC-ID 100)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
MIME Conversion (CAPEC-ID 42)
Overflow Binary Resource File (CAPEC-ID 44)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Buffer Overflow in an API Call (CAPEC-ID 8)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)