CVE-2019-0613

CWE-119 — Buffer Overflow4 documents4 sources

Severity

8.8HIGH

EPSS

18.7%

top 4.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft .net Framework 2.0 Microsoft Microsoft .net Framework 3.0 Microsoft Microsoft .net Framework 3.5 +13 more

Timeline

PublishedMar 5

Latest updateMay 14

Description

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages16 packages

▶NVDmicrosoft/visual_studio_201715.9

▶CVEListV5microsoft/microsoft_visual_studio2017

▶CVEListV5microsoft/microsoft_visual_studio_2017version 15.9

▶NVDmicrosoft/.net_framework11 versions+10

▶CVEListV5microsoft/microsoft_.net_framework_2.0Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-v4cf-f45q-f5vv: A remote code execution vulnerability exists in↗2022-05-14

▶

CVEList

CVE-2019-0613: A remote code execution vulnerability exists in↗2019-03-06

▶

📋Vendor Advisories

Microsoft

.NET Framework and Visual Studio Remote Code Execution Vulnerability↗2019-02-12

▶

External resources

NVD MITRE

Affected products16

Microsoft .net Frameworkv2.0v3.0v3.5+8 more

Microsoft Microsoft .net Framework 2.0vService Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2vService Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Microsoft Microsoft .net Framework 3.0vService Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2vService Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2vService Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Microsoft Microsoft .net Framework 3.5vWindows 10 Version 1607 for 32-bit SystemsvWindows 10 Version 1607 for x64-based SystemsvWindows 10 Version 1703 for 32-bit Systems+23 more

Microsoft Microsoft .net Framework 3.5.1vWindows 7 for 32-bit Systems Service Pack 1vWindows 7 for x64-based Systems Service Pack 1vWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1+2 more

Microsoft Microsoft .net Framework 4.5.2vWindows 7 for 32-bit Systems Service Pack 1vWindows 7 for x64-based Systems Service Pack 1vWindows 8.1 for 32-bit systems+10 more

Microsoft Microsoft .net Framework 4.6vWindows Server 2008 for 32-bit Systems Service Pack 2vWindows Server 2008 for x64-based Systems Service Pack 2

Microsoft Microsoft .net Framework 4.6.2/4.7/4.7.1/4.7.2vWindows 10 Version 1607 for 32-bit SystemsvWindows 10 Version 1607 for x64-based SystemsvWindows Server 2016+1 more

Microsoft Microsoft .net Framework 4.6/4.6.1/4.6.2vWindows 10 for 32-bit SystemsvWindows 10 for x64-based Systems

Microsoft Microsoft .net Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2vWindows 7 for 32-bit Systems Service Pack 1vWindows 7 for x64-based Systems Service Pack 1vWindows 8.1 for 32-bit systems+8 more

Disclosure

PublishedMar 5, 2019

Latest updateMay 14, 2022