Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11315
HistorySep 11, 2018 - 12:00 a.m.

KLA11315 Multiple vulnerabilities in Microsoft Developer Tools

2018-09-1100:00:00
Kaspersky Lab
threats.kaspersky.com
808

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.4 High

AI Score

Confidence

High

0.373 Low

EPSS

Percentile

97.2%

JSON

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in System.IO.Pipelines can be exploited remotely via specially crafted requests to cause denial of service.
  2. A denial of service vulnerability in OData can be exploited remotely via specially crafted requests to cause denial of service.
  3. A remote code execution vulnerability in .NET Framework can be exploited remotely via specially crafted file to execute arbitrary code.
  4. A spoofing vulnerability in Azure IoT SDK can be exploited remotely to spoof user interface.

Original advisories

CVE-2018-8409

CVE-2018-8269

CVE-2018-8421

CVE-2018-8479

Exploitation

Public exploits exist for this vulnerability.

Related products

Microsoft-.NET-Framework

Microsoft-Azure

CVE list

CVE-2018-8269 warning

CVE-2018-8479 high

CVE-2018-8409 warning

CVE-2018-8421 critical

KB list

4457128

4457056

4457028

4457131

4457132

4457025

4457054

4457044

4457034

4457037

4457027

4457045

4457029

4457142

4457030

4457043

4457055

4457035

4457138

4457036

4457042

4457033

4457026

4457053

4457038

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Microsoft.Data.OData.NET Core 2.1ASP.NET Core 2.1System.IO.PipelinesMicrosoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 4.6Microsoft .NET Framework 4.7.2Microsoft .NET Framework 4.7.1/4.7.2ASP.NET Core 2.2Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.7/4.7.1/4.7.2C SDK for Azure IoT

References

Related

osv 3
openvas 16
prion 4
cvelist 4
zdt 1
veracode 3
nvd 4
github 2
cve 4
packetstorm 1
mscve 4
symantec 4
redhatcve 2
nessus 11
exploitpack 1
mskb 35
exploitdb 1
krebs 1
threatpost 1
ibm 1
talosblog 1
osv
osv
Denial of service in ASP.NET Core
2018-10-16 19:58:31
Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests
2018-10-16 19:56:38
CVE-2018-8409
2018-09-13 00:29:02
openvas
openvas
.NET Core OData Denial of Service Vulnerability - Windows
2023-08-07 00:00:00
'Microsoft.Data.OData' Denial of Service Vulnerability (Sep 2018) - Windows
2018-09-17 00:00:00
ASP.NET Core SDK 'System.IO.Pipelines' Denial of Service Vulnerability (Sep 2018) - Windows
2018-09-14 00:00:00
prion
prion
Denial of service
2018-09-13 00:29:00
Denial of service
2018-09-13 00:29:00
Spoofing
2018-09-13 00:29:00
cvelist
cvelist
CVE-2018-8409
2018-09-13 00:00:00
CVE-2018-8269
2018-09-13 00:00:00
CVE-2018-8479
2018-09-13 00:00:00
zdt
zdt
Microsoft Office SharePoint Server 2016 - Denial of Service Exploit
2019-01-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-09-14 07:08:23
Denial Of Service (DoS)
2018-09-13 09:53:23
Server Spoofing
2018-09-14 09:17:08
nvd
nvd
CVE-2018-8269
2018-09-13 00:29:00
CVE-2018-8409
2018-09-13 00:29:02
CVE-2018-8479
2018-09-13 00:29:07
github
github
Denial of service in ASP.NET Core
2018-10-16 19:58:31
Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests
2018-10-16 19:56:38
cve
cve
CVE-2018-8269
2018-09-13 00:29:00
CVE-2018-8409
2018-09-13 00:29:02
CVE-2018-8479
2018-09-13 00:29:07
packetstorm
packetstorm
Microsoft Office SharePoint Server 2016 Denial Of Service
2019-01-09 00:00:00
mscve
mscve
OData Denial of Service Vulnerability
2018-09-11 07:00:00
System.IO.Pipelines Denial of Service
2018-09-11 07:00:00
Azure IoT SDK Spoofing Vulnerability
2018-09-11 07:00:00
symantec
symantec
Microsoft OData CVE-2018-8269 Denial of Service Vulnerability
2018-09-11 00:00:00
Microsoft System.IO.Pipelines CVE-2018-8409 Denial of Service Vulnerability
2018-09-11 00:00:00
Microsoft Azure IoT SDK CVE-2018-8479 Spoofing Vulnerability
2018-09-11 00:00:00
redhatcve
redhatcve
CVE-2018-8409
2018-09-14 01:19:39
CVE-2018-8421
2020-03-29 13:52:09
nessus
nessus
Security Updates for Microsoft .NET core and ASP.NET Core (DoS) (September 2018)
2018-09-13 00:00:00
Security Updates for Microsoft .NET Framework (September 2018)
2018-09-12 00:00:00
KB4457984: Windows Server 2008 September 2018 Security Update
2018-09-11 00:00:00
exploitpack
exploitpack
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
2019-01-09 00:00:00
mskb
mskb
Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4457920)
2018-10-11 00:00:00
Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 SP2 (KB 4457030)
2018-09-11 07:00:00
Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4457033)
2018-09-11 07:00:00
exploitdb
exploitdb
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
2019-01-09 00:00:00
krebs
krebs
Patch Tuesday, September 2018 Edition
2018-09-11 20:35:27
threatpost
threatpost
Microsoft Patches Actively Exploited Bug as Part of Patch Tuesday
2018-09-11 21:04:17
ibm
ibm
Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation
2022-05-04 18:53:46
talosblog
talosblog
Microsoft Patch Tuesday - September 2018
2018-09-11 11:56:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.4 High

AI Score

Confidence

High

0.373 Low

EPSS

Percentile

97.2%

JSON
Related for KLA11315
osv3openvas16prion4cvelist4zdt1veracode3nvd4github2cve4packetstorm1mscve4symantec4redhatcve2nessus11exploitpack1mskb35exploitdb1krebs1threatpost1ibm1talosblog1