.NET Framework Remote Code Execution Vulnerability
CVE-2023-29326

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 3.5 And 4.8; Microsoft .net Framework 3.5 And 4.7.2; Microsoft .net Framework 3.5 And 4.6.2/4.7/4.7.1/4.7.2; Microsoft .net Framework 3.5 And 4.8.1
Vendor: CVE Published:; 14 June 2023

Summary

This vulnerability in the .NET Framework allows remote code execution, enabling attackers to execute arbitrary code on an affected system. Exploitation occurs when a user accesses a compromised application. Successful attacks can lead to severe impacts, including unauthorized access to data and system resources, providing a significant threat to users and organizations.

Affected Version(s)

Microsoft .NET Framework 2.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 2.0.0 < 3.0.6920.8954; 2.0.50727.8970

Microsoft .NET Framework 3.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 3.0.0 < 3.0.6920.8954; 2.0.50727.8970

Microsoft .NET Framework 3.5 and 4.6.2 Windows 10 for 32-bit Systems 4.7.0 < 10.0.10240.19983

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Apr 4, 2023