.NET Framework Remote Code Execution Vulnerability for Microsoft .NET Framework 4.6 and .NET Framework 4.6.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3143693)

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

No records found

CVE Information

Source CVE
CVE-2016-0148

Associated CVE
CVE-2016-0148

Patch Details

Patch associated with this vulnerability is supported by ManageEngine.

Patch ID
20418

Patch Description
Security Update for Microsoft .NET Framework 4.6 and .NET Framework 4.6.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3143693)

References

http://packetstormsecurity.com/files/136671/.NET-Framework-4.6-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2016/Apr/42
http://technet.microsoft.com/security/bulletin/MS16-041
http://www.securityfocus.com/archive/1/archive/1/538063/100/0/threaded
http://www.securitytracker.com/id/1035535
http://www.zerodayinitiative.com/advisories/ZDI-16-234
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-0148