CVE-2024-21409

CWE-416Use After Free6 documents6 sources
Severity
7.3HIGH
EPSS
54.7%
top 1.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Microsoft .net 6.0Microsoft .net 7.0Microsoft .net 8.0+17 more
Timeline
PublishedApr 9
Latest updateApr 17

Description

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages23 packages

NVDmicrosoft/visual_studio_202217.4.017.4.18+3

🔴Vulnerability Details

3
GHSA
.NET Elevation of Privilege Vulnerability2024-04-17
OSV
.NET Elevation of Privilege Vulnerability2024-04-17
CVEList
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability2024-04-09

📋Vendor Advisories

2
Red Hat
dotnet: Release COM server object when CPimcManager creation fails2024-04-09
Microsoft
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability2024-04-09