10

CVE-2018-8421

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.

Data is provided by the National Vulnerability Database (NVD)
Microsoft.Net Framework Version2.0 Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version3.0 Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 8.1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016
Microsoft.Net Framework Version3.5.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
Microsoft.Net Framework Version4.5.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Updatesp2
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.5.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Updatesp2
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6
   MicrosoftWindows Server 2008 Updatesp2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.6
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1709
   MicrosoftWindows Server Version1709
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1709
   MicrosoftWindows Server Version1709
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1803
   MicrosoftWindows Server Version1803
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 Version1703
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1703
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1703
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 43.14% 0.974
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/105222
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041636
Third Party Advisory
VDB Entry