CVE-2018-8540

Summary

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2.

Impact & exploitability

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (3)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540 ↗

Additional information

• NVD record
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540Patch
• http://www.securityfocus.com/bid/106073Advisory