.NET Framework Remote Code Execution Vulnerability
CVE-2023-36788

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 3.5 And 4.8; Microsoft .net Framework 3.5 And 4.7.2; Microsoft .net Framework 3.5 And 4.6.2/4.7/4.7.1/4.7.2; Microsoft .net Framework 3.5 And 4.8.1
Vendor: CVE Published:; 12 September 2023

Summary

The .NET Framework exhibits a vulnerability that allows attackers to execute arbitrary code on affected systems when they gain access to the application’s execution context. This could potentially enable the attacker to install programs, view or change data, or create new accounts with full user rights. Organizations are encouraged to apply the latest security updates to mitigate this risk.

Affected Version(s)

Microsoft .NET Framework 2.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 2.0.0 < 3.0.30729.8957

Microsoft .NET Framework 3.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 3.0.0 < 3.0.30729.8957

Microsoft .NET Framework 3.5 and 4.6.2 Windows 10 for 32-bit Systems 4.7.0 < 10.0.10240.20162

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Jun 27, 2023