Denial of Service Vulnerability in Microsoft Common Object Runtime Library
CVE-2019-1083

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 4.5.2; Microsoft .net Framework 4.6; Microsoft .net Framework 4.6/4.6.1/4.6.2; Microsoft .net Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Vendor: CVE Published:; 15 July 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A denial of service vulnerability occurs in the Microsoft Common Object Runtime Library due to improper handling of web requests. This vulnerability can be exploited, potentially leading to system instability and unavailability, affecting the functionality of applications reliant on the library.

Affected Version(s)

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

HowCVE-2019-1083Works
Created by stevenseeley

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
May 13, 2020
👾
Exploit known to exist
May 13, 2020
Vulnerability published
Jul 15, 2019
Vulnerability Reserved
Nov 26, 2018