8.8

CVE-2018-8260

A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server Version1709
   MicrosoftWindows Server Version1803
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 46.77% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1041257
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/104666
Third Party Advisory
VDB Entry