9.3

CVE-2019-0613

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.

Data is provided by the National Vulnerability Database (NVD)
Microsoft.Net Framework Version2.0 Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version3.0 Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 10 Version1809
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
   MicrosoftWindows Server 2019 Version-
Microsoft.Net Framework Version3.5.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft.Net Framework Version4.5.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.6
   MicrosoftWindows 10 Version-
Microsoft.Net Framework Version4.6.1
   MicrosoftWindows 10 Version-
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 10 Version-
Microsoft.Net Framework Version4.6
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1709
   MicrosoftWindows Server 2016 Version1709
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1709
   MicrosoftWindows Server 2016 Version1709
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 10 Version1809
   MicrosoftWindows Server 2016 Version1803
   MicrosoftWindows Server 2019 Version-
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 Version1703
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1703
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 Version1703
MicrosoftVisual Studio 2017 Version15.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 20.49% 0.953
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/106872
Third Party Advisory
VDB Entry