| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS16-091 | Security Update for .NET Framework (3170048) | Microsoft .NET | Important | 13-07-2016 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.
Detailed Information on the risk:
An information disclosure vulnerability exists when .NET Framework improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.
To exploit the vulnerability, an attacker could create specially crafted XML data and induce an application to parse and validate the XML data.
Microsoft .NET Framework 2.0 Service Pack 2 To exploit the vulnerability, an attacker could create specially crafted XML data and induce an application to parse and validate the XML data.
Further information on this exploit is available at : MS16-091
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5.1
Affected Software
Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5.1