Denial of Service Vulnerability in Microsoft Common Object Runtime Library
CVE-2019-1083

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 4.5.2; Microsoft .net Framework 4.6; Microsoft .net Framework 4.6/4.6.1/4.6.2; Microsoft .net Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Vendor: CVE Published:; 15 July 2019

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 10%

What is CVE-2019-1083?

A denial of service vulnerability occurs in the Microsoft Common Object Runtime Library due to improper handling of web requests. This vulnerability can be exploited, potentially leading to system instability and unavailability, affecting the functionality of applications reliant on the library.

Affected Version(s)

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

HowCVE-2019-1083Works
Created by stevenseeley

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 13, 2020
👾
Exploit known to exist
May 13, 2020
Vulnerability published
Jul 15, 2019
Vulnerability Reserved
Nov 26, 2018

JSON