Multiple vulnerabilities in Microsoft .NET Framework

Description

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities

1. An improper handling of XSLT can be exploited remotely via a specially designed XML content to cause denial of service;
2. An improper icon data handling at Windows Forms can be exploited remotely via a specially designed icon to obtain sensitive information.

---

Technical details

To mitigate vulnerability (1) do not load XSL stylesheets from untrusted sources.

Vulnerability (2) can be exploited by uploading specially designed data and getting response via uploaded icon information.

Original advisories

• CVE-2016-0033

• CVE-2016-0047

Related products

• Microsoft-.NET-Framework

CVE list

• CVE-2016-0033
  warning
• CVE-2016-0047
  warning

KB list

• 3135173
• 3135174
• 3137893

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com