KLA11315
Multiple vulnerabilities in Microsoft Developer Tools
Updated: 07/22/2020
Detect date
?
09/11/2018
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in System.IO.Pipelines can be exploited remotely via specially crafted requests to cause denial of service.
  2. A denial of service vulnerability in OData can be exploited remotely via specially crafted requests to cause denial of service.
  3. A remote code execution vulnerability in .NET Framework can be exploited remotely via specially crafted file to execute arbitrary code.
  4. A spoofing vulnerability in Azure IoT SDK can be exploited remotely to spoof user interface.
Affected products

Microsoft.Data.OData
.NET Core 2.1
ASP.NET Core 2.1
System.IO.Pipelines
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
ASP.NET Core 2.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
C SDK for Azure IoT

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8409
CVE-2018-8269
CVE-2018-8421
CVE-2018-8479

Impacts
?
ACE 
[?]

DoS 
[?]

SUI 
[?]
Related products
Microsoft .NET Framework
Microsoft Azure
CVE-IDS
?
CVE-2018-82690.0Unknown
CVE-2018-84790.0Unknown
CVE-2018-84090.0Unknown
CVE-2018-84210.0Unknown
KB list

4457128
4457056
4457028
4457131
4457132
4457025
4457054
4457044
4457034
4457037
4457027
4457045
4457029
4457142
4457030
4457043
4457055
4457035
4457138
4457036
4457042
4457033
4457026
4457053
4457038

Microsoft official advisories
Microsoft Security Update Guide
Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/46101