CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS16-019 | Security Update for .NET Framework to Address Denial of Service (3137893) | Windows Vista | Important | 10-02-2016 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms.
Detailed Information on the risk:
A denial of service vulnerability exists when .NET Framework fails to properly handle certain Extensible Stylesheet Language Transformations (XSLT). An attacker who successfully exploited this vulnerability could cause server performance to degrade significantly enough to cause a denial of service condition.
To exploit the vulnerability, an attacker could insert specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms. This could result in a denial of service and disrupt server availability. The security update addresses the vulnerability by correcting how .NET Framework handles XSLT.
Further information on this vulnerability is available at: MS16-019
Affected Software
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems