Multiple vulnerabilities in Microsoft .NET Framework

Описание

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities

1. An improper handling of XSLT can be exploited remotely via a specially designed XML content to cause denial of service;
2. An improper icon data handling at Windows Forms can be exploited remotely via a specially designed icon to obtain sensitive information.

---

Technical details

To mitigate vulnerability (1) do not load XSL stylesheets from untrusted sources.

Vulnerability (2) can be exploited by uploading specially designed data and getting response via uploaded icon information.

Первичный источник обнаружения

• CVE-2016-0033
  CVE-2016-0047
  

Связанные продукты

• Microsoft-.NET-Framework

Список CVE

• CVE-2016-0033
  warning
• CVE-2016-0047
  warning

Список KB

• 3135173
• 3135174
• 3137893

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com