CVE-2019-1113

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGH

EPSS

33.7%

top 3.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft .net Framework 2.0 Microsoft Microsoft .net Framework 3.0 Microsoft Microsoft .net Framework 3.5 +41 more

Timeline

PublishedJul 15

Latest updateMay 24

Description

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages44 packages

▶NVDmicrosoft/.net_framework12 versions+11

▶CVEListV5microsoft/microsoft_.net_framework_2.0Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2+2

▶CVEListV5microsoft/microsoft_.net_framework_3.0Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2+2

▶CVEListV5microsoft/microsoft_.net_framework_3.519 versions+18

▶CVEListV5microsoft/microsoft_.net_framework_4.6Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-g6vh-82h8-g69w: A remote code execution vulnerability exists in↗2022-05-24

▶

CVEList

CVE-2019-1113: A remote code execution vulnerability exists in↗2019-07-29

▶

📋Vendor Advisories

Microsoft

.NET Framework Remote Code Execution Vulnerability↗2019-07-09

▶

External resources

NVD MITRE

Affected products44

Microsoft .net Frameworkv2.0v3.0v3.5+9 more

Microsoft Microsoft .net Framework 2.0vService Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2vService Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2vService Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Microsoft Microsoft .net Framework 3.0vService Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2vService Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2vService Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Microsoft Microsoft .net Framework 3.5vWindows 10 Version 1607 for 32-bit SystemsvWindows 10 Version 1607 for x64-based SystemsvWindows 10 Version 1703 for 32-bit Systems+16 more

Microsoft Microsoft .net Framework 3.5 AND 4.7.2 ON Windows 10 Version 1809 FOR 32-bit Systemsvunspecified

Microsoft Microsoft .net Framework 3.5 AND 4.7.2 ON Windows 10 Version 1809 FOR X64-based Systemsvunspecified

Microsoft Microsoft .net Framework 3.5 AND 4.7.2 ON Windows Server 2019vunspecified

Microsoft Microsoft .net Framework 3.5 AND 4.7.2 ON Windows Server 2019 (server Core Installation)vunspecified

Microsoft Microsoft .net Framework 3.5 AND 4.8 ON Windows 10 Version 1809 FOR 32-bit Systemsvunspecified

Microsoft Microsoft .net Framework 3.5 AND 4.8 ON Windows 10 Version 1809 FOR X64-based Systemsvunspecified

Disclosure

PublishedJul 15, 2019

Latest updateMay 24, 2022