CVE-2018-8260

CWE-20Improper Input Validation4 documents4 sources
Severity
8.8HIGH
EPSS
33.2%
top 3.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft .net FrameworkMicrosoft Microsoft .net Framework
Timeline
PublishedJul 11
Latest updateMay 14

Description

A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/.net_framework4.7.2 Developer Pack
CVEListV5microsoft/microsoft_.net_framework23 versions+22

🔴Vulnerability Details

2
GHSA
GHSA-q76h-pfpm-pgpp: A Remote Code Execution vulnerability exists in2022-05-14
CVEList
CVE-2018-8260: A Remote Code Execution vulnerability exists in2018-07-11

📋Vendor Advisories

1
Microsoft
.NET Framework Remote Code Execution Vulnerability2018-07-10
CVE-2018-8260 (HIGH CVSS 8.8) | A Remote Code Execution vulnerabili | cvebase.io