KLA10753
Multiple vulnerabilities in Microsoft .NET Framework
Обновлено: 17/06/2019
Дата обнаружения
09/02/2016
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. An improper handling of XSLT can be exploited remotely via a specially designed XML content to cause denial of service;
  2. An improper icon data handling at Windows Forms can be exploited remotely via a specially designed icon to obtain sensitive information.

Technical details

To mitigate vulnerability (1) do not load XSL stylesheets from untrusted sources.

Vulnerability (2) can be exploited by uploading specially designed data and getting response via uploaded icon information.

Пораженные продукты

Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2, 4.6, 4.6.1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2016-0033
CVE-2016-0047
Оказываемое влияние
?
OSI 
[?]

DoS 
[?]
Связанные продукты
Microsoft .NET Framework
CVE-IDS
CVE-2016-00335.0Critical
CVE-2016-00475.0Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

3135173
3135174
3137893