Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2019-1113
HistoryJul 09, 2019 - 7:00 a.m.

.NET Framework Remote Code Execution Vulnerability

2019-07-0907:00:00
Microsoft
msrc.microsoft.com
17

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file.

Related

prion 1
symantec 1
cve 1
openvas 15
nessus 13
mskb 19
kaspersky 1
talosblog 1
prion
prion
Remote code execution
2019-07-15 19:15:00
symantec
symantec
Microsoft .NET Framework CVE-2019-1113 Remote Code Execution Vulnerability
2019-07-09 00:00:00
cve
cve
CVE-2019-1113
2019-07-15 19:15:00
openvas
openvas
Microsoft .NET Framework Multiple Vulnerabilities (KB4506986)
2019-07-10 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB4507419)
2019-07-10 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB4506989)
2019-07-10 00:00:00
nessus
nessus
Security Updates for Microsoft .NET Framework (July 2019)
2019-07-10 00:00:00
Security Updates for Microsoft Visual Studio Products (July 2019)
2019-07-11 00:00:00
KB4507461: Windows Server 2008 July 2019 Security Update (SWAPGS)
2019-07-09 00:00:00
mskb
mskb
Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 (KB4507413)
2019-07-09 07:00:00
Security Only Update for .NET Framework 3.0 SP2, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4507414)
2019-07-09 07:00:00
July 9, 2019 — KB4507419 Cumulative Update for .NET Framework 3.5, 4.7.2, 4.8 for Windows 10, version 1809 and Windows Server 2019
2019-07-09 07:00:00
kaspersky
kaspersky
KLA11513 Multiple vulnerabilities in Microsoft Developer Tools
2019-07-09 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage
2019-07-09 11:51:34

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON
Related for MS:CVE-2019-1113
prion1symantec1cve1openvas15nessus13mskb19kaspersky1talosblog1