| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS16-035 | Security Update for .NET Framework to Address Security Feature Bypass (3141780) | Microsoft .NET | Important | 09-03-2016 |
Technical Information
Brief overview of the risk:
The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.
Detailed Information on the risk:
A security feature bypass vulnerability exists in a .NET Framework component that does not properly validate certain elements of a signed XML document. An attacker who successfully exploited the vulnerability could modify the contents of an XML file without invalidating the signature associated with the file. If a .NET application relies on the signature to be non-malicious, the behavior of the application could become unpredictable. In custom applications, the security impact depends on the specific usage scenario.
Microsoft .NET Framework 2.0 Service Pack 2Further information on this exploit is available at : MS16-035
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5
Affected Software
Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5