5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8 High
AI Score
Confidence
High
0.943 High
EPSS
Percentile
99.2%
Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.
Below is a complete list of vulnerabilities
Technical details
To mitigate vulnerability (1) do not load XSL stylesheets from untrusted sources.
Vulnerability (2) can be exploited by uploading specially designed data and getting response via uploaded icon information.
CVE-2016-0033 warning
CVE-2016-0047 warning
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
support.microsoft.com/kb/3135173
support.microsoft.com/kb/3135174
support.microsoft.com/kb/3137893
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0033
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0047
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8 High
AI Score
Confidence
High
0.943 High
EPSS
Percentile
99.2%