.NET DLL Hijacking Remote Code Execution Vulnerability
CVE-2023-28260

7.8HIGH

Key Information:

Vendor: Microsoft
Status: .net 6.0; .net 7.0; Microsoft Visual Studio 2022 Version 17.5; Microsoft Visual Studio 2022 Version 17.4
Vendor: CVE Published:; 11 April 2023

Summary

.NET DLL Hijacking Remote Code Execution Vulnerability

Affected Version(s)

.NET 6.0 Unknown 6.0.0 < 6.0.16

.NET 7.0 Unknown 7.0.0 < 7.0.5

Microsoft Visual Studio 2022 version 17.0 Unknown 17.0.0 < 17.0.21

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 13, 2023

Collectors

NVD DatabaseMitre Database

.