CVE-2018-8540

CWE-94Code Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
19.4%
top 4.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Microsoft .net FrameworkMicrosoft .net Framework
Timeline
PublishedDec 12
Latest updateMay 13

Description

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2,

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/.net_framework9 versions+8
CVEListV5microsoft/microsoft_.net_framework73 versions+72

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-5vvw-jxjx-wg5h: A remote code execution vulnerability exists when the Microsoft2022-05-13
CVEList
CVE-2018-8540: A remote code execution vulnerability exists when the Microsoft2018-12-12

📋Vendor Advisories

1
Microsoft
.NET Framework Remote Code Execution Injection Vulnerability2018-12-11
CVE-2018-8540 (CRITICAL CVSS 9.8) | A remote code execution vulnerabili | cvebase.io