.NET Framework Spoofing Vulnerability in Microsoft Products
CVE-2019-0657

5.9MEDIUM

Key Information:

Vendor

Microsoft
Status
Microsoft .net Framework 4.5.2
Microsoft .net Framework 4.6
.net Core
Microsoft Visual Studio
Vendor
CVE Published:
5 March 2019

What is CVE-2019-0657?

A spoofing vulnerability exists in specific APIs of the .NET Framework and Visual Studio, allowing attackers to craft malicious URLs that can mislead users. The improper parsing of URLs may result in security risks, as users may be tricked into visiting potentially harmful sites that appear legitimate. It is essential for users and administrators to apply available updates to mitigate this risk.

Affected Version(s)

.NET Core 1

.NET Core 2.1

.NET Core 2.2

References

https://access.redhat.com/errata/RHSA-2019:0349
vendor-advisoryx_refsource_REDHAT
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106890
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.