Kaspersky Threats

KLA10786
Code execution vulnerabilities in Microsoft Developer Tools

Updated: 07/22/2020

Detect date ?	04/12/2016
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: A remote code execution vulnerability in .NET Framework can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted embedded to execute arbitrary code.
Affected products	Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6/4.6.1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-0148 CVE-2016-0145
Impacts ?	ACE [?]
Related products	Microsoft .NET Framework
CVE-IDS ?	CVE-2016-01480.0Unknown CVE-2016-01450.0Unknown
Microsoft official advisories	Microsoft Security Update Guide
KB list	3147461 3147458 3143693 3142045 3142042 3142043 3142041
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/39743 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.