CVE-2018-8421

CWE-20Improper Input Validation8 documents8 sources
Severity
9.8CRITICAL
EPSS
55.0%
top 1.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Microsoft .net FrameworkMicrosoft .net Framework
Timeline
PublishedSep 13
Latest updateAug 25

Description

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Fram

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/.net_framework11 versions+10
CVEListV5microsoft/microsoft_.net_framework69 versions+68

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
OSV
binutils vulnerabilities2023-10-04
GHSA
GHSA-rgxc-r6cp-wvq8: A remote code execution vulnerability exists when Microsoft2022-05-14
CVEList
CVE-2018-8421: A remote code execution vulnerability exists when Microsoft2018-09-13

🔍Detection Rules

1
Suricata
ET HUNTING Microsoft Sharepoint Deserialization RCE via Workflow (CVE-2018-8421)2025-08-25

📋Vendor Advisories

2
Red Hat
NET: RCE when processing untrusted input2018-09-13
Microsoft
.NET Framework Remote Code Execution Vulnerability2018-09-11

💬Community

1
Bugzilla
CVE-2018-8421 .NET: RCE when processing untrusted input2018-09-17