Remote Code Execution (RCE)

🗓️ 16 Dec 2022 01:58:00Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 268 Views

Microsoft.WindowsDesktop.App.Runtime vulnerability in parsing xps files allows remote code executio

Reporter	Title	Published	Views	Family All 71
ALT Linux	Security fix for the ALT Linux 10 package dotnet-coreclr-3.1 version 3.1.32-alt1	18 Mar 202300:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.32-alt1	18 Mar 202300:00	–	altlinux
ATTACKERKB	CVE-2022-41089	13 Dec 202219:15	–	attackerkb
AlpineLinux	CVE-2022-41089	13 Dec 202200:00	–	alpinelinux
BDU FSTEC	The vulnerability of Microsoft .NET Core, .NET Framework, and .NET software platforms lies in insufficient validation of input data, allowing attackers to execute arbitrary code.	19 Dec 202200:00	–	bdu_fstec
Circl	CVE-2022-41089	22 Jul 202517:33	–	circl
CNNVD	Microsoft .NET Framework 安全漏洞	13 Dec 202200:00	–	cnnvd
CVE	CVE-2022-41089	13 Dec 202200:00	–	cve
Cvelist	CVE-2022-41089 .NET Framework Remote Code Execution Vulnerability	13 Dec 202200:00	–	cvelist
EUVD	EUVD-2022-7473	3 Oct 202520:07	–	euvd

Vulners

Node

dotnet6-runtime dotnet6-runtimeMatch6.0.8-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.10-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.9-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.5-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.4-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.3-r2csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.3-r3csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.6-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.5-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.10-r2csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.3-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.2-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.10-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.8-r3csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.7-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.11-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.8-r2csharp

AND

alpinelinux alpine_linuxMatchedge

dotnet6-runtime dotnet6-runtimeMatch6.0.5-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.10-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.8-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.5-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.7-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.9-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.11-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.4-r1csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.6-r0csharp

AND

alpinelinux alpine_linuxMatch3.16

dotnet6-build dotnet6-buildMatch6.0.109-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.111-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.108-r2csharp

AND

dotnet6-build dotnet6-buildMatch6.0.108-r3csharp

AND

dotnet6-build dotnet6-buildMatch6.0.102-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.110-r1csharp

AND

dotnet6-build dotnet6-buildMatch6.0.103-r2csharp

AND

dotnet6-build dotnet6-buildMatch6.0.107-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.103-r3csharp

AND

dotnet6-build dotnet6-buildMatch6.0.105-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.104-r1csharp

AND

dotnet6-build dotnet6-buildMatch6.0.110-r2csharp

AND

dotnet6-build dotnet6-buildMatch6.0.106-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.110-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.108-r1csharp

AND

dotnet6-build dotnet6-buildMatch6.0.103-r1csharp

AND

alpinelinux alpine_linuxMatchedge

dotnet6-build dotnet6-buildMatch6.0.110-r2csharp

AND

dotnet6-build dotnet6-buildMatch6.0.111-r0csharp

AND

alpinelinux alpine_linuxMatch3.17

dotnet6-runtime dotnet6-runtimeMatch6.0.11-r0csharp

AND

dotnet6-runtime dotnet6-runtimeMatch6.0.10-r2csharp

AND

alpinelinux alpine_linuxMatch3.17

dotnet7-build dotnet7-buildMatch7.0.100-r2csharp

AND

alpinelinux alpine_linuxMatch3.17

dotnet6-build dotnet6-buildMatch6.0.110-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.105-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.108-r1csharp

AND

dotnet6-build dotnet6-buildMatch6.0.109-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.106-r0csharp

AND

dotnet6-build dotnet6-buildMatch6.0.104-r1csharp

AND

dotnet6-build dotnet6-buildMatch6.0.107-r0csharp

AND

alpinelinux alpine_linuxMatch3.16

dotnet7-runtime dotnet7-runtimeMatch7.0.0-r2csharp

AND

alpinelinux alpine_linuxMatch3.17

microsoft.windowsdesktop.app.runtime.win-arm64 microsoft.windowsdesktop.app.runtime.win-arm64Range7.0.0-preview.1.22077.5–7.0.0csharp

microsoft.windowsdesktop.app.runtime.win-arm64 microsoft.windowsdesktop.app.runtime.win-arm64Range6.0.0-preview.1.21103.5–6.0.11csharp

microsoft.windowsdesktop.app.runtime.win-x64 microsoft.windowsdesktop.app.runtime.win-x64Range7.0.0-preview.1.22077.5–7.0.0csharp

microsoft.windowsdesktop.app.runtime.win-x64 microsoft.windowsdesktop.app.runtime.win-x64Range5.0.0-preview.1.20127.5–6.0.11csharp

microsoft.windowsdesktop.app.runtime.win-x64 microsoft.windowsdesktop.app.runtime.win-x64Range3.1.0-preview1.19506.1–3.1.31csharp

microsoft.windowsdesktop.app.runtime.win-x86 microsoft.windowsdesktop.app.runtime.win-x86Range7.0.0-preview.1.22077.5–7.0.0csharp

microsoft.windowsdesktop.app.runtime.win-x86 microsoft.windowsdesktop.app.runtime.win-x86Range5.0.0-preview.1.20127.5–6.0.11csharp

microsoft.windowsdesktop.app.runtime.win-x86 microsoft.windowsdesktop.app.runtime.win-x86Range3.1.0-preview1.19506.1–3.1.31csharp

Source	Link
github	www.github.com/dotnet/wpf/issues/7357
github	www.github.com/dotnet/wpf/commit/7b0be4d41c33ce8525d8160bf8869cac10f8a8cd
github	www.github.com/dotnet/wpf/commit/c08825a9889e6c798fe95ed5ec1f6a9f517ab5a0
github	www.github.com/dotnet/wpf/commit/5f4c0f7763a06b024c8a517616e0fc0194e997a4
github	www.github.com/dotnet/announcements/issues/242
github	www.github.com/advisories/GHSA-2c7v-qcjp-4mg2
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089

02 Jan 2025 23:16Current

8.7High risk

Vulners AI Score8.7

CVSS 3.17.8

EPSS0.04555