7.5

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Core Version2.0
Microsoft.Net Framework Version2.0 Updatesp2
   MicrosoftWindows Server 2008 Updatesp2
Microsoft.Net Framework Version3.0 Updatesp2
   MicrosoftWindows Server 2008 Updatesp2
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 8.1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
   MicrosoftWindows Server 2016 Version1803
Microsoft.Net Framework Version3.5.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
Microsoft.Net Framework Version4.5.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Updatesp2
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6
   MicrosoftWindows Server 2008 Updatesp2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.6
   MicrosoftWindows 10 Version-
Microsoft.Net Framework Version4.6.1
   MicrosoftWindows 10 Version-
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 10 Version-
Microsoft.Net Framework Version4.6
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1709
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1803
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 Version1703
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1703
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.64% 0.921
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://www.securityfocus.com/bid/104060
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040851
Third Party Advisory
VDB Entry