Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-41089 (GCVE-0-2022-41089)
Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
VLAI
EPSS
Title
.NET Framework Remote Code Execution Vulnerability
Summary
.NET Framework Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
20 products
Date Public
2022-12-13 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.11",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.22",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.17",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.3",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.12",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.32",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012 R2",
"Windows Server 2012 (Server Core installation)",
"Windows 8.1 for 32-bit systems",
"Windows Server 2016",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2012",
"Windows Server 2016 (Server Core installation)",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows Server 2012 R2 (Server Core installation)",
"Windows RT 8.1",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 8.1 for x64-based systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for x64-based Systems"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04590.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 21H1 for ARM64-based Systems",
"Windows 10 Version 21H1 for x64-based Systems",
"Windows 10 Version 21H1 for 32-bit Systems",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 10 Version 20H2 for 32-bit Systems",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04590.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2019",
"Windows 10 Version 1809 for x64-based Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04010.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H1 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H1 for 32-bit Systems",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 21H1 for x64-based Systems",
"Windows 10 Version 20H2 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "09115.01",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30729.8953",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30729.8953",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 8.1 for x64-based systems",
"Windows 8.1 for 32-bit systems",
"Windows Server 2012 R2",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30729.8953",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30729.8953",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)",
"Windows 8.1 for 32-bit systems",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows RT 8.1",
"Windows 8.1 for x64-based systems"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04010.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "04010.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 for x64-based Systems",
"Windows 10 for 32-bit Systems"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19624",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.11",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.22",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.17",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.3",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.32",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.1",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2.9",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "04590.02",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "04590.02",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "04010.02",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "09115.01",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "30729.8953",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "30729.8953",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "30729.8953",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "30729.8953",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "04010.02",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "04010.02",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19624",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Framework Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:49.988Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Framework Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
}
],
"title": ".NET Framework Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41089",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-09-19T00:00:00.000Z",
"dateUpdated": "2025-07-22T17:49:49.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-41089",
"date": "2026-05-25",
"epss": "0.04521",
"percentile": "0.89284"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E2C378B-1507-4C81-82F6-9F599616845A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAE4278F-71A7-43E9-8F79-1CBFAE71D730\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71E65CB9-6DC2-4A90-8C6A-103BEDC99823\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"280FE663-23BE-45D2-9B31-5F577E390B48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF0B660D-1F30-4D45-B98B-726EDB8CB90F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"734112B3-1383-4BE3-8721-C0F84566B764\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84079754-7D44-439C-ADFC-C560945B6DF1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"B9F64296-66BF-4F1D-A11C-0C44C347E2AC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"5D7F7DDB-440E-42CD-82F4-B2C13F3CC462\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAE4278F-71A7-43E9-8F79-1CBFAE71D730\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71E65CB9-6DC2-4A90-8C6A-103BEDC99823\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EDC4407-7E92-4E60-82F0-0C87D1860D3A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"42A6DF09-B8E1-414D-97E7-453566055279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D400E856-2B2E-4CEA-8CA5-309FDF371CEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"280FE663-23BE-45D2-9B31-5F577E390B48\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66CAFDB7-9D41-4E67-AB83-5EB104551FF5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"734112B3-1383-4BE3-8721-C0F84566B764\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"610B33F9-0309-4CF7-B7E4-5152D9B2FFE4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"B9F64296-66BF-4F1D-A11C-0C44C347E2AC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"5D7F7DDB-440E-42CD-82F4-B2C13F3CC462\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \".NET Framework Remote Code Execution Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo de .NET Framework.\"}]",
"id": "CVE-2022-41089",
"lastModified": "2025-01-02T22:15:23.873",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
"published": "2022-12-13T19:15:12.090",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-41089\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2022-12-13T19:15:12.090\",\"lastModified\":\"2025-01-02T22:15:23.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\".NET Framework Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de .NET Framework.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E2C378B-1507-4C81-82F6-9F599616845A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAE4278F-71A7-43E9-8F79-1CBFAE71D730\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71E65CB9-6DC2-4A90-8C6A-103BEDC99823\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280FE663-23BE-45D2-9B31-5F577E390B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0B660D-1F30-4D45-B98B-726EDB8CB90F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84079754-7D44-439C-ADFC-C560945B6DF1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"B9F64296-66BF-4F1D-A11C-0C44C347E2AC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5D7F7DDB-440E-42CD-82F4-B2C13F3CC462\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAE4278F-71A7-43E9-8F79-1CBFAE71D730\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71E65CB9-6DC2-4A90-8C6A-103BEDC99823\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EDC4407-7E92-4E60-82F0-0C87D1860D3A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A6DF09-B8E1-414D-97E7-453566055279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D400E856-2B2E-4CEA-8CA5-309FDF371CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280FE663-23BE-45D2-9B31-5F577E390B48\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66CAFDB7-9D41-4E67-AB83-5EB104551FF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"610B33F9-0309-4CF7-B7E4-5152D9B2FFE4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"B9F64296-66BF-4F1D-A11C-0C44C347E2AC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5D7F7DDB-440E-42CD-82F4-B2C13F3CC462\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-1104
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Microsoft .Net. Elle permet à un attaquant de provoquer une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | N/A | .NET 7.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | .NET Core 3.1 | ||
| Microsoft | N/A | .NET 6.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6/4.6.2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41089"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41089 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
}
],
"reference": "CERTFR-2022-AVI-1104",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\n.Net\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-1106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Dynamics NAV 2018 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) | ||
| Microsoft | N/A | PowerShell 7.2 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visio 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Dynamics NAV 2017 | ||
| Microsoft | N/A | Raw Image Extension | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft Visio 2016 (édition 64 bits) | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2020 Release Wave 2 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft Visio 2016 (édition 32 bits) | ||
| Microsoft | N/A | Microsoft Dynamics NAV 2016 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Dynamics 365 Business Central Spring 2019 Update | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2020 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Visio 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2021 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2021 Release Wave 2 | ||
| Microsoft | N/A | PowerShell 7.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Dynamics NAV 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics NAV 2017",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Raw Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2016 (\u00e9dition 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2016 (\u00e9dition 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics NAV 2016",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Business Central Spring 2019 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-44696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44696"
},
{
"name": "CVE-2022-47211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47211"
},
{
"name": "CVE-2022-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41076"
},
{
"name": "CVE-2022-47212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47212"
},
{
"name": "CVE-2022-44691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44691"
},
{
"name": "CVE-2022-44694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44694"
},
{
"name": "CVE-2022-44695",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44695"
},
{
"name": "CVE-2022-44687",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44687"
},
{
"name": "CVE-2022-41127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41127"
},
{
"name": "CVE-2022-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26805"
},
{
"name": "CVE-2022-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26804"
},
{
"name": "CVE-2022-47213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47213"
},
{
"name": "CVE-2022-44692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44692"
},
{
"name": "CVE-2022-26806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26806"
},
{
"name": "CVE-2022-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41089"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44694 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44694"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41127 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-47212 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-47212"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41076 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26806 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26806"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44692 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44692"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44696 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44696"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-47211 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-47211"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26805 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26805"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44687 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44687"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-47213 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-47213"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41089 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44695 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26804 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26804"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44691 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44691"
}
],
"reference": "CERTFR-2022-AVI-1106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-1104
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Microsoft .Net. Elle permet à un attaquant de provoquer une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | N/A | .NET 7.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | .NET Core 3.1 | ||
| Microsoft | N/A | .NET 6.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6/4.6.2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41089"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41089 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
}
],
"reference": "CERTFR-2022-AVI-1104",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\n.Net\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-1106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Dynamics NAV 2018 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) | ||
| Microsoft | N/A | PowerShell 7.2 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visio 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Dynamics NAV 2017 | ||
| Microsoft | N/A | Raw Image Extension | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft Visio 2016 (édition 64 bits) | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2020 Release Wave 2 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft Visio 2016 (édition 32 bits) | ||
| Microsoft | N/A | Microsoft Dynamics NAV 2016 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Dynamics 365 Business Central Spring 2019 Update | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2020 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Visio 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2021 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2021 Release Wave 2 | ||
| Microsoft | N/A | PowerShell 7.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Dynamics NAV 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics NAV 2017",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Raw Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2016 (\u00e9dition 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2016 (\u00e9dition 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics NAV 2016",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Business Central Spring 2019 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-44696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44696"
},
{
"name": "CVE-2022-47211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47211"
},
{
"name": "CVE-2022-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41076"
},
{
"name": "CVE-2022-47212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47212"
},
{
"name": "CVE-2022-44691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44691"
},
{
"name": "CVE-2022-44694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44694"
},
{
"name": "CVE-2022-44695",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44695"
},
{
"name": "CVE-2022-44687",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44687"
},
{
"name": "CVE-2022-41127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41127"
},
{
"name": "CVE-2022-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26805"
},
{
"name": "CVE-2022-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26804"
},
{
"name": "CVE-2022-47213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47213"
},
{
"name": "CVE-2022-44692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44692"
},
{
"name": "CVE-2022-26806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26806"
},
{
"name": "CVE-2022-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41089"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44694 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44694"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41127 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-47212 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-47212"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41076 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26806 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26806"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44692 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44692"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44696 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44696"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-47211 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-47211"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26805 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26805"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44687 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44687"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-47213 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-47213"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41089 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44695 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26804 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26804"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44691 du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44691"
}
],
"reference": "CERTFR-2022-AVI-1106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
BDU:2022-07294
Vulnerability from fstec - Published: 13.12.2022
VLAI
Title
Уязвимость программных платформ Microsoft .NET Core, .NET Framework и .NET, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость программных платформ Microsoft .NET Core, .NET Framework и .NET связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код с помощью специально созданных данных
Severity
Vendor
Microsoft Corp
Software Name
Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.7, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.8, .NET Core, Microsoft Visual Studio 2022, .NET, Microsoft .NET Framework 4.8.1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft Visual Studio 2019
Software Version
- (Microsoft .NET Framework 3.5), - (Microsoft .NET Framework 3.5.1), - (Microsoft .NET Framework 4.7), - (Microsoft .NET Framework 4.6.2), - (Microsoft .NET Framework 4.7.1), - (Microsoft .NET Framework 4.7.2), - (Microsoft .NET Framework 4.8), 3.1 (.NET Core), 17.0 (Microsoft Visual Studio 2022), 17.2 (Microsoft Visual Studio 2022), 7.0 (.NET), 6.0 (.NET), 17.4 (Microsoft Visual Studio 2022), - (Microsoft .NET Framework 4.8.1), - (Microsoft .NET Framework 2.0 Service Pack 2), - (Microsoft .NET Framework 3.0 Service Pack 2), от 16.0 до 16.10 включительно (Microsoft Visual Studio 2019)
Possible Mitigations
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41089
Reference
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41089
https://github.com/dotnet/announcements/issues/242
CWE
CWE-20
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO93, TO94, TO95, TO96, TO97, TO98, TO99, TO100, TO104, TO105, TO106, TO107, TO122, TO123, TO124, TO125, TO126, TO128, TO129, TO133, TO136, TO137, TO138, TO142, TO708",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO93 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows 10 22H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020872), TO94 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows 11 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020875), TO95 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8.1 \u0434\u043b\u044f Windows 10 22H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020881), TO96 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8.1 \u0434\u043b\u044f Windows 11 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020882), TO97 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows 10 20H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020872), TO98 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8.1 \u0434\u043b\u044f Windows 10 20H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020881), TO99 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows 10 21H2 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x86 (KB5020872), TO100 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8.1 \u0434\u043b\u044f Windows 10 21H2 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 x86 (KB5020881), TO104 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.7.2 \u0434\u043b\u044f Windows 10 1809 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020866), TO105 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows 10 1809 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020874), TO106 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8.1 \u0434\u043b\u044f Windows 10 21H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020881), TO107 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows 10 21H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020872), TO122 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows Server 2022 22H2 \u0434\u043b\u044f 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020877), TO123 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f .NET Framework 3.5 \u0432 Windows Server 2012 R2 \u0434\u043b\u044f 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020897), TO124 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 \u0432 Windows Server 2012 R2 \u0434\u043b\u044f 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020899), TO125 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f .NET Framework 4.8 \u0432 Windows Server 2012 R2 \u0434\u043b\u044f 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020902), TO126 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f .NET Framework 3.5 \u0432 Windows Server 2012 \u0434\u043b\u044f 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020894), TO128 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f .NET Framework 4.8 \u0434\u043b\u044f Windows Server 2012 \u0434\u043b\u044f 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020901), TO129 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 4.8 \u0434\u043b\u044f Windows Server 2016 \u0434\u043b\u044f 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020873), TO133 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8.1 \u0434\u043b\u044f Windows Server 2022 21H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020883), TO136 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f .NET Framework 3.5 \u0432 Windows Server 2012 R2 \u0434\u043b\u044f x64 (KB5020862), TO137 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 \u0432 Windows Server 2012 R2 \u0434\u043b\u044f x64 (KB5020868), TO138 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f .NET Framework 4.8 \u0432 Windows Server 2012 R2 \u0434\u043b\u044f x64 (KB5020878), TO142 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows Server 2022 21H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020877), TO708 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.11.30",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft .NET Framework 3.5), - (Microsoft .NET Framework 3.5.1), - (Microsoft .NET Framework 4.7), - (Microsoft .NET Framework 4.6.2), - (Microsoft .NET Framework 4.7.1), - (Microsoft .NET Framework 4.7.2), - (Microsoft .NET Framework 4.8), 3.1 (.NET Core), 17.0 (Microsoft Visual Studio 2022), 17.2 (Microsoft Visual Studio 2022), 7.0 (.NET), 6.0 (.NET), 17.4 (Microsoft Visual Studio 2022), - (Microsoft .NET Framework 4.8.1), - (Microsoft .NET Framework 2.0 Service Pack 2), - (Microsoft .NET Framework 3.0 Service Pack 2), \u043e\u0442 16.0 \u0434\u043e 16.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41089",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.12.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-07294",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-41089",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.7, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.8, .NET Core, Microsoft Visual Studio 2022, .NET, Microsoft .NET Framework 4.8.1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft Visual Studio 2019",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows 7 Service Pack 1 - 64-bit, Microsoft Corp Windows Server 2008 Service Pack 2 - 32-bit, Microsoft Corp Windows 7 Service Pack 1 - 32-bit, Microsoft Corp Windows 8.1 - 64-bit, Microsoft Corp Windows 8.1 - 32-bit, Microsoft Corp Windows Server 2008 Service Pack 2 - 64-bit, Microsoft Corp Windows Server 2012 - , Microsoft Corp Windows Server 2012 R2 - , Microsoft Corp Windows Server 2008 R2 Service Pack 1 - 64-bit, Microsoft Corp Windows 10 - 64-bit, Microsoft Corp Windows 10 - 32-bit, Microsoft Corp Windows 10 1607 - 64-bit, Microsoft Corp Windows 10 1607 - 32-bit, Microsoft Corp Windows Server 2016 - , Microsoft Corp Windows RT 8.1 - , Microsoft Corp Windows Server 2008 Service Pack 2 (Server Core Installation) - 64-bit, Microsoft Corp Windows Server 2008 Service Pack 2 (Server Core Installation) - 32-bit, Microsoft Corp Windows Server 2012 R2 (Server Core installation) - , Microsoft Corp Windows Server 2016 (Server Core installation) - , Microsoft Corp Windows Server 2008 R2 Service Pack 1 (Server Core installation) - 64-bit, Microsoft Corp Windows 10 1809 - 64-bit, Microsoft Corp Windows 10 1809 - 32-bit, Microsoft Corp Windows Server 2019 - , Microsoft Corp Windows Server 2019 (Server Core installation) - , Microsoft Corp Windows 10 1809 - ARM64, Microsoft Corp Windows 10 20H2 - ARM64, Microsoft Corp Windows 10 20H2 - 32-bit, Microsoft Corp Windows 10 20H2 - 64-bit, Microsoft Corp Windows 10 21H1 - 32-bit, Microsoft Corp Windows 10 21H1 - 64-bit, Microsoft Corp Windows 10 21H1 - ARM64, Microsoft Corp Windows Server 2022 - , Microsoft Corp Windows Server 2022 (Server Core installation) - , Microsoft Corp Windows 11 - 64-bit, Microsoft Corp Windows 11 - ARM64, Microsoft Corp Windows 10 21H2 - 64-bit, Microsoft Corp Windows 10 21H2 - 32-bit, Microsoft Corp Windows 10 21H2 - ARM64, Microsoft Corp Windows 11 22H2 - 64-bit, Microsoft Corp Windows 11 22H2 - ARM64, Microsoft Corp Windows 10 22H2 - 64-bit, Microsoft Corp Windows 10 22H2 - ARM64, Microsoft Corp Windows 10 22H2 - 32-bit, Microsoft Corp Windows Server 2012 (Server Core installation) - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c Microsoft .NET Core, .NET Framework \u0438 .NET, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c Microsoft .NET Core, .NET Framework \u0438 .NET \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41089\nhttps://github.com/dotnet/announcements/issues/242",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
FKIE_CVE-2022-41089
Vulnerability from fkie_nvd - Published: 2022-12-13 19:15 - Updated: 2025-01-02 22:15
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
.NET Framework Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 21h1 | |
| microsoft | windows_10 | 21h2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_7 | sp1 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_11 | - | |
| microsoft | windows_11 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10 | 21h1 | |
| microsoft | windows_10 | 21h2 | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | windows_server_2008 | sp2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_11 | - | |
| microsoft | windows_11 | - | |
| microsoft | windows_server_2019 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*",
"matchCriteriaId": "71E65CB9-6DC2-4A90-8C6A-103BEDC99823",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "280FE663-23BE-45D2-9B31-5F577E390B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0B660D-1F30-4D45-B98B-726EDB8CB90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "84079754-7D44-439C-ADFC-C560945B6DF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B9F64296-66BF-4F1D-A11C-0C44C347E2AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*",
"matchCriteriaId": "71E65CB9-6DC2-4A90-8C6A-103BEDC99823",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "280FE663-23BE-45D2-9B31-5F577E390B48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*",
"matchCriteriaId": "66CAFDB7-9D41-4E67-AB83-5EB104551FF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*",
"matchCriteriaId": "610B33F9-0309-4CF7-B7E4-5152D9B2FFE4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B9F64296-66BF-4F1D-A11C-0C44C347E2AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET Framework Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de .NET Framework."
}
],
"id": "CVE-2022-41089",
"lastModified": "2025-01-02T22:15:23.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-13T19:15:12.090",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-2C7V-QCJP-4MG2
Vulnerability from github – Published: 2022-12-14 21:42 – Updated: 2025-01-03 16:00
VLAI
Summary
.NET Remote Code Execution Vulnerability
Details
Microsoft Security Advisory CVE-2022-41089: .NET Remote Code Execution Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1, .NET 6.0., and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A remote code execution vulnerability exists in .NET Core 3.1, .NET 6.0, and .NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/242
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
- Any .NET 7.0 WinForms or WPF application running on .NET 7.0.0 or earlier.
- Any .NET 6.0 WinForms or WPF application running on .NET 6.0.11 or earlier.
- Any .NET Core 3.1 WinForms or WPF application running on .NET 3.1.31 or earlier.
If the application does not utilize WinForms or WPF, it is not affected by this vulnerability.
Applications targeting Mac, Linux, Android, iOS, and other non-Windows platforms are not affected by this vulnerability.
If your application uses the following package versions, ensure you update to the latest version of .NET.
.NET Core 3.1
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.WindowsDesktop.App.Runtime.win-x64 | >= 3.1.0, <= 3.1.31 | 3.1.32 |
| Microsoft.WindowsDesktop.App.Runtime.win-x86 | >= 3.1.0, <= 3.1.31 | 3.1.32 |
.NET 6
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.WindowsDesktop.App.Runtime.win-arm64 | >= 6.0.0, <= 6.0.11 | 6.0.12 |
| Microsoft.WindowsDesktop.App.Runtime.win-x64 | >= 6.0.0, <= 6.0.11 | 6.0.12 |
| Microsoft.WindowsDesktop.App.Runtime.win-x86 | >= 6.0.0, <= 6.0.11 | 6.0.12 |
.NET 7
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.WindowsDesktop.App.Runtime.win-arm64 | >= 7.0.0, <= 7.0.0 | 7.0.1 |
| Microsoft.WindowsDesktop.App.Runtime.win-x64 | >= 7.0.0, <= 7.0.0 | 7.0.1 |
| Microsoft.WindowsDesktop.App.Runtime.win-x86 | >= 7.0.0, <= 7.0.0 | 7.0.1 |
Advisory FAQ
How do I know if I am affected?
If you have a runtime or SDK with a version listed, or an affected package listed in affected software, you're exposed to the vulnerability.
How do I fix the issue?
- To fix the issue please install the latest version of .NET 7.0, .NET 6.0 or .NET Core 3.1. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.
- If you have .NET Core 3.1 or greater installed, you can list the versions you have installed by running the
dotnet --infocommand. You will see output like the following; - If you are using one of the affected packages, please update to the patched version listed above.
.NET Core SDK (reflecting any global.json):
Version: 6.0.300
Commit: 8473146e7d
Runtime Environment:
OS Name: Windows
OS Version: 10.0.18363
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\6.0.300\
Host (useful for support):
Version: 6.0.5
Commit: 8473146e7d
.NET Core SDKs installed:
6.0.300 [C:\Program Files\dotnet\sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
To install additional .NET Core runtimes or SDKs:
https://aka.ms/dotnet-download
- If you're using .NET 7.0, you should download and install Runtime 7.0.1 or SDK 7.0.101 (for Visual Studio 2022 v17.4) from https://dotnet.microsoft.com/download/dotnet-core/7.0.
- If you're using .NET 6.0, you should download and install Runtime 6.0.12 or SDK 6.0.112 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
- If you're using .NET Core 3.1, you should download and install Runtime 3.1.32 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.
.NET 7.0, .NET 6.0 and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.
Once you have installed the updated runtime or SDK, restart your apps for the update to take effect.
Additionally, if you've deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.
Other Information
Acknowledgements
Eleftherios Panos with Nettitude Nick Landers with NetSPI
Reporting Security Issues
If you have found a potential security issue in .NET 7.0, .NET 6.0 or .NET Core 3.1, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.
Support
You can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/wpf/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
External Links
Severity
8.8 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.31"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.WindowsDesktop.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.1.32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.31"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.WindowsDesktop.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.1.32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.11"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.WindowsDesktop.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.11"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.WindowsDesktop.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.11"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.WindowsDesktop.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.WindowsDesktop.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.0.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.WindowsDesktop.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.0.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.WindowsDesktop.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.0.0"
]
}
],
"aliases": [
"CVE-2022-41089"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-14T21:42:00Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "# Microsoft Security Advisory CVE-2022-41089: .NET Remote Code Execution Vulnerability\n\n## \u003ca name=\"executive-summary\"\u003e\u003c/a\u003eExecutive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1, .NET 6.0., and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA remote code execution vulnerability exists in .NET Core 3.1, .NET 6.0, and .NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/242\n\n### \u003ca name=\"mitigation-factors\"\u003e\u003c/a\u003eMitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## \u003ca name=\"affected-software\"\u003e\u003c/a\u003eAffected software\n\n* Any .NET 7.0 WinForms or WPF application running on .NET 7.0.0 or earlier.\n* Any .NET 6.0 WinForms or WPF application running on .NET 6.0.11 or earlier.\n* Any .NET Core 3.1 WinForms or WPF application running on .NET 3.1.31 or earlier.\n\nIf the application does not utilize WinForms or WPF, it is not affected by this vulnerability.\n\nApplications targeting Mac, Linux, Android, iOS, and other non-Windows platforms are not affected by this vulnerability.\n\nIf your application uses the following package versions, ensure you update to the latest version of .NET.\n\n### \u003ca name=\".NET Core 3.1\"\u003e\u003c/a\u003e.NET Core 3.1\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.WindowsDesktop.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-x64)|\u003e= 3.1.0, \u003c= 3.1.31|3.1.32\n[Microsoft.WindowsDesktop.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-x86)|\u003e= 3.1.0, \u003c= 3.1.31|3.1.32\n\n### \u003ca name=\".NET 6\"\u003e\u003c/a\u003e.NET 6\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.WindowsDesktop.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-arm64)|\u003e= 6.0.0, \u003c= 6.0.11|6.0.12\n[Microsoft.WindowsDesktop.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-x64)|\u003e= 6.0.0, \u003c= 6.0.11|6.0.12\n[Microsoft.WindowsDesktop.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-x86)|\u003e= 6.0.0, \u003c= 6.0.11|6.0.12\n\n### \u003ca name=\".NET 7\"\u003e\u003c/a\u003e.NET 7\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.WindowsDesktop.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-arm64)|\u003e= 7.0.0, \u003c= 7.0.0|7.0.1\n[Microsoft.WindowsDesktop.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-x64)|\u003e= 7.0.0, \u003c= 7.0.0|7.0.1\n[Microsoft.WindowsDesktop.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-x86)|\u003e= 7.0.0, \u003c= 7.0.0|7.0.1\n\n## Advisory FAQ\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-software), you\u0027re exposed to the vulnerability.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\n* To fix the issue please install the latest version of .NET 7.0, .NET 6.0 or .NET Core 3.1. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n* If you have .NET Core 3.1 or greater installed, you can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n* If you are using one of the affected packages, please update to the patched version listed above. \n\n```\n.NET Core SDK (reflecting any global.json):\n\n Version: 6.0.300\n Commit: 8473146e7d\n\nRuntime Environment:\n\n OS Name: Windows\n OS Version: 10.0.18363\n OS Platform: Windows\n RID: win10-x64\n Base Path: C:\\Program Files\\dotnet\\sdk\\6.0.300\\\n\nHost (useful for support):\n\n Version: 6.0.5\n Commit: 8473146e7d\n\n.NET Core SDKs installed:\n\n 6.0.300 [C:\\Program Files\\dotnet\\sdk]\n\n.NET Core runtimes installed:\n\n Microsoft.AspNetCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspNetCore.App]\n Microsoft.NETCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.NETCore.App]\n Microsoft.WindowsDesktop.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.WindowsDesktop.App]\n\nTo install additional .NET Core runtimes or SDKs:\n https://aka.ms/dotnet-download\n```\n\n* If you\u0027re using .NET 7.0, you should download and install Runtime 7.0.1 or SDK 7.0.101 (for Visual Studio 2022 v17.4) from https://dotnet.microsoft.com/download/dotnet-core/7.0.\n* If you\u0027re using .NET 6.0, you should download and install Runtime 6.0.12 or SDK 6.0.112 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n* If you\u0027re using .NET Core 3.1, you should download and install Runtime 3.1.32 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n.NET 7.0, .NET 6.0 and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update \u0026 Security and then click Check for Updates.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you\u0027ve deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Acknowledgements\n\n[Eleftherios Panos](https://twitter.com/lefterispan) with [Nettitude](https://www.nettitude.com/)\n[Nick Landers](https://twitter.com/monoxgas) with NetSPI\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 7.0, .NET 6.0 or .NET Core 3.1, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core \u0026 .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at \u003chttps://aka.ms/corebounty\u003e.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/wpf/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2022-41089]( https://www.cve.org/CVERecord?id=CVE-2022-41089)\n\n",
"id": "GHSA-2c7v-qcjp-4mg2",
"modified": "2025-01-03T16:00:24Z",
"published": "2022-12-14T21:42:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/wpf/security/advisories/GHSA-2c7v-qcjp-4mg2"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/announcements/issues/242"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/wpf/commit/5f4c0f7763a06b024c8a517616e0fc0194e997a4"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/wpf/commit/7b0be4d41c33ce8525d8160bf8869cac10f8a8cd"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/wpf/commit/c08825a9889e6c798fe95ed5ec1f6a9f517ab5a0"
},
{
"type": "PACKAGE",
"url": "https://github.com/dotnet/wpf"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": ".NET Remote Code Execution Vulnerability"
}
GSD-2022-41089
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
.NET Framework Remote Code Execution Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-41089",
"id": "GSD-2022-41089"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-41089"
],
"details": ".NET Framework Remote Code Execution Vulnerability",
"id": "GSD-2022-41089",
"modified": "2023-12-13T01:19:32.829326Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio 2022 version 17.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.2.0",
"version_value": "17.2.11"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.11.0",
"version_value": "16.11.22"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.0.0",
"version_value": "17.0.17"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.4.0",
"version_value": "17.4.3"
}
]
}
},
{
"product_name": ".NET 6.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.0.12"
}
]
}
},
{
"product_name": ".NET Core 3.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.32"
}
]
}
},
{
"product_name": ".NET 7.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.0.0",
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "PowerShell 7.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.2.0",
"version_value": "7.2.9"
}
]
}
},
{
"product_name": "PowerShell 7.3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.3.0",
"version_value": "7.3.2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.8.0",
"version_value": "04590.02"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.8.0",
"version_value": "04590.02"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.7.0",
"version_value": "04010.02"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.8.1",
"version_value": "09115.01"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 2.0 Service Pack 2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "30729.8953"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0 Service Pack 2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.0",
"version_value": "30729.8953"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.5.0",
"version_value": "30729.8953"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.5.0",
"version_value": "30729.8953"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.7.0",
"version_value": "04010.02"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.7.0",
"version_value": "04010.02"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.10240.19624"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ".NET Framework Remote Code Execution Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[6.0.0,6.0.11],[7.0.0]",
"affected_versions": "All versions starting from 6.0.0 up to 6.0.11, version 7.0.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-12-14",
"description": ".NET Framework Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.12",
"7.0.1"
],
"identifier": "CVE-2022-41089",
"identifiers": [
"GHSA-2c7v-qcjp-4mg2",
"CVE-2022-41089"
],
"not_impacted": "All versions before 6.0.0, all versions after 6.0.11 before 7.0.0, all versions after 7.0.0",
"package_slug": "nuget/Microsoft.WindowsDesktop.App.Runtime.win-arm64",
"pubdate": "2022-12-14",
"solution": "Upgrade to versions 6.0.12, 7.0.1 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/wpf/security/advisories/GHSA-2c7v-qcjp-4mg2",
"https://github.com/dotnet/announcements/issues/242",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089",
"https://github.com/advisories/GHSA-2c7v-qcjp-4mg2"
],
"uuid": "04d4e354-10f7-48aa-93b5-8cb6d8921eda"
},
{
"affected_range": "[3.1.0,3.1.31],[6.0.0,6.0.11],[7.0.0]",
"affected_versions": "All versions starting from 3.1.0 up to 3.1.31, all versions starting from 6.0.0 up to 6.0.11, version 7.0.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-12-14",
"description": ".NET Framework Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.32",
"6.0.12",
"7.0.1"
],
"identifier": "CVE-2022-41089",
"identifiers": [
"GHSA-2c7v-qcjp-4mg2",
"CVE-2022-41089"
],
"not_impacted": "All versions before 3.1.0, all versions after 3.1.31 before 6.0.0, all versions after 6.0.11 before 7.0.0, all versions after 7.0.0",
"package_slug": "nuget/Microsoft.WindowsDesktop.App.Runtime.win-x64",
"pubdate": "2022-12-14",
"solution": "Upgrade to versions 3.1.32, 6.0.12, 7.0.1 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/wpf/security/advisories/GHSA-2c7v-qcjp-4mg2",
"https://github.com/dotnet/announcements/issues/242",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089",
"https://github.com/advisories/GHSA-2c7v-qcjp-4mg2"
],
"uuid": "77074179-bfa3-4453-83f2-546ab0561538"
},
{
"affected_range": "[3.1.0,3.1.31],[6.0.0,6.0.11],[7.0.0]",
"affected_versions": "All versions starting from 3.1.0 up to 3.1.31, all versions starting from 6.0.0 up to 6.0.11, version 7.0.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-12-14",
"description": ".NET Framework Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.32",
"6.0.12",
"7.0.1"
],
"identifier": "CVE-2022-41089",
"identifiers": [
"GHSA-2c7v-qcjp-4mg2",
"CVE-2022-41089"
],
"not_impacted": "All versions before 3.1.0, all versions after 3.1.31 before 6.0.0, all versions after 6.0.11 before 7.0.0, all versions after 7.0.0",
"package_slug": "nuget/Microsoft.WindowsDesktop.App.Runtime.win-x86",
"pubdate": "2022-12-14",
"solution": "Upgrade to versions 3.1.32, 6.0.12, 7.0.1 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/wpf/security/advisories/GHSA-2c7v-qcjp-4mg2",
"https://github.com/dotnet/announcements/issues/242",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089",
"https://github.com/advisories/GHSA-2c7v-qcjp-4mg2"
],
"uuid": "9e611a68-6ca9-4413-b16b-064ae2e403e4"
},
{
"affected_range": "[2.0,3.0],[3.5,3.5.1],[4.6],[4.6.2],[4.7,4.7.2],[4.7,4.7.2],[4.8,4.8.1]",
"affected_versions": "All versions starting from 2.0 up to 3.0, all versions starting from 3.5 up to 3.5.1, version 4.6, version 4.6.2, all versions starting from 4.7 up to 4.7.2, all versions starting from 4.7 up to 4.7.2, all versions starting from 4.8 up to 4.8.1",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-12-15",
"description": ".NET Framework Remote Code Execution Vulnerability.",
"fixed_versions": [
"4.0.0-beta-23409",
"4.0.0-beta-23409"
],
"identifier": "CVE-2022-41089",
"identifiers": [
"CVE-2022-41089"
],
"not_impacted": "All versions before 2.0, all versions after 3.0 before 3.5, all versions after 3.5.1 before 4.6, all versions after 4.6 before 4.6.2, all versions after 4.6.2 before 4.7, all versions after 4.7.2, all versions before 4.7, all versions after 4.7.2 before 4.8, all versions after 4.8.1",
"package_slug": "nuget/System.Text.Encodings.Web",
"pubdate": "2022-12-13",
"solution": "Upgrade to versions 4.0.0-beta-23409, 4.0.0-beta-23409 or above. *Note*: 4.0.0-beta-23409 and 4.0.0-beta-23409 may be unstable versions. Use caution.",
"title": "Code Injection",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-41089",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
],
"uuid": "bb5f7147-c280-474f-bf80-79ef7ca4c78d"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41089"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": ".NET Framework Remote Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-11-17T17:39Z",
"publishedDate": "2022-12-13T19:15Z"
}
}
}
MSRC_CVE-2022-41089
Vulnerability from csaf_microsoft - Published: 2022-12-13 08:00 - Updated: 2023-06-30 07:00Summary
.NET Framework Remote Code Execution Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
Affected products
Fixed
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 4.8 4590.03
Microsoft .NET Framework 4.8
|
4590.03 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.8 4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
4590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.7.2 04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
04590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.7.2 04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
04590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.7.2 04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
04590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.7.2 04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
04590.02 | ||
|
Microsoft .NET Framework 3.5 AND 4.7.2 04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
04590.02 | ||
|
.NET Core 3.1 3.1.32
.NET Core 3.1
|
3.1.32 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
4010.03 | ||
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) 16.11.22
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
|
16.11.22 | ||
|
Microsoft Visual Studio 2022 version 17.0 17.0.17
Microsoft Visual Studio 2022 version 17.0
|
17.0.17 | ||
|
PowerShell 7.2 7.2.9
PowerShell 7.2
|
7.2.9 | ||
|
.NET 6.0 6.0.12
.NET 6.0
|
6.0.12 | ||
|
Microsoft Visual Studio 2022 version 17.2 17.2.11
Microsoft Visual Studio 2022 version 17.2
|
17.2.11 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.8.1 9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
9115.01 | ||
|
Microsoft .NET Framework 4.6.2 04010.03
Microsoft .NET Framework 4.6.2
|
04010.03 | ||
|
Microsoft .NET Framework 4.6.2 04010.03
Microsoft .NET Framework 4.6.2
|
04010.03 | ||
|
Microsoft .NET Framework 4.6.2 04010.03
Microsoft .NET Framework 4.6.2
|
04010.03 | ||
|
Microsoft .NET Framework 4.6.2 04010.03
Microsoft .NET Framework 4.6.2
|
04010.03 | ||
|
Microsoft Visual Studio 2022 version 17.4 17.4.3
Microsoft Visual Studio 2022 version 17.4
|
17.4.3 | ||
|
.NET 7.0 7.0.1
.NET 7.0
|
7.0.1 | ||
|
PowerShell 7.3 7.3.2
PowerShell 7.3
|
7.3.2 | ||
|
Microsoft .NET Framework 3.5 AND 4.6/4.6.2 10.0.10240.19624
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
|
10.0.10240.19624 | ||
|
Microsoft .NET Framework 3.5 AND 4.6/4.6.2 10.0.10240.19624
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
|
10.0.10240.19624 | ||
|
Microsoft .NET Framework 3.5 30729.8953
Microsoft .NET Framework 3.5
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5 30729.8953
Microsoft .NET Framework 3.5
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5 30729.8953
Microsoft .NET Framework 3.5
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5 30729.8953
Microsoft .NET Framework 3.5
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5 30729.8953
Microsoft .NET Framework 3.5
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5 30729.8953
Microsoft .NET Framework 3.5
|
30729.8953 | ||
|
Microsoft .NET Framework 3.0 Service Pack 2 30729.8953
Microsoft .NET Framework 3.0 Service Pack 2
|
30729.8953 | ||
|
Microsoft .NET Framework 3.0 Service Pack 2 30729.8953
Microsoft .NET Framework 3.0 Service Pack 2
|
30729.8953 | ||
|
Microsoft .NET Framework 2.0 Service Pack 2 30729.8953
Microsoft .NET Framework 2.0 Service Pack 2
|
30729.8953 | ||
|
Microsoft .NET Framework 2.0 Service Pack 2 30729.8953
Microsoft .NET Framework 2.0 Service Pack 2
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5.1 30729.8953
Microsoft .NET Framework 3.5.1
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5.1 30729.8953
Microsoft .NET Framework 3.5.1
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5.1 30729.8953
Microsoft .NET Framework 3.5.1
|
30729.8953 | ||
|
Microsoft .NET Framework 3.5.1 30729.8953
Microsoft .NET Framework 3.5.1
|
30729.8953 |
Known affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 3.5 AND 4.6/4.6.2 <10.0.10240.19624
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
|
<10.0.10240.19624 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.6/4.6.2 <10.0.10240.19624
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
|
<10.0.10240.19624 |
Vendor Fix
fix
|
|
|
PowerShell 7.3 <7.3.2
PowerShell 7.3
|
<7.3.2 |
Vendor Fix
fix
|
|
|
.NET 7.0 <7.0.1
.NET 7.0
|
<7.0.1 |
Vendor Fix
fix
|
|
|
Microsoft Visual Studio 2022 version 17.4 <17.4.3
Microsoft Visual Studio 2022 version 17.4
|
<17.4.3 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2 <04010.03
Microsoft .NET Framework 4.6.2
|
<04010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2 <04010.03
Microsoft .NET Framework 4.6.2
|
<04010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2 <04010.03
Microsoft .NET Framework 4.6.2
|
<04010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2 <04010.03
Microsoft .NET Framework 4.6.2
|
<04010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8.1 <9115.01
Microsoft .NET Framework 3.5 AND 4.8.1
|
<9115.01 |
Vendor Fix
fix
|
|
|
Microsoft Visual Studio 2022 version 17.2 <17.2.11
Microsoft Visual Studio 2022 version 17.2
|
<17.2.11 |
Vendor Fix
fix
|
|
|
.NET 6.0 <6.0.12
.NET 6.0
|
<6.0.12 |
Vendor Fix
fix
|
|
|
PowerShell 7.2 <7.2.9
PowerShell 7.2
|
<7.2.9 |
Vendor Fix
fix
|
|
|
Microsoft Visual Studio 2022 version 17.0 <17.0.17
Microsoft Visual Studio 2022 version 17.0
|
<17.0.17 |
Vendor Fix
fix
|
|
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) <16.11.22
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
|
<16.11.22 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <4010.03
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<4010.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
.NET Core 3.1 <3.1.32
.NET Core 3.1
|
<3.1.32 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.7.2 <04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
<04590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.7.2 <04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
<04590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.7.2 <04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
<04590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.7.2 <04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
<04590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.7.2 <04590.02
Microsoft .NET Framework 3.5 AND 4.7.2
|
<04590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.8 <4590.02
Microsoft .NET Framework 3.5 AND 4.8
|
<4590.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <4590.03
Microsoft .NET Framework 4.8
|
<4590.03 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5.1 <30729.8953
Microsoft .NET Framework 3.5.1
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5.1 <30729.8953
Microsoft .NET Framework 3.5.1
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5.1 <30729.8953
Microsoft .NET Framework 3.5.1
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5.1 <30729.8953
Microsoft .NET Framework 3.5.1
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 2.0 Service Pack 2 <30729.8953
Microsoft .NET Framework 2.0 Service Pack 2
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 2.0 Service Pack 2 <30729.8953
Microsoft .NET Framework 2.0 Service Pack 2
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.0 Service Pack 2 <30729.8953
Microsoft .NET Framework 3.0 Service Pack 2
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.0 Service Pack 2 <30729.8953
Microsoft .NET Framework 3.0 Service Pack 2
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 <30729.8953
Microsoft .NET Framework 3.5
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 <30729.8953
Microsoft .NET Framework 3.5
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 <30729.8953
Microsoft .NET Framework 3.5
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 <30729.8953
Microsoft .NET Framework 3.5
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 <30729.8953
Microsoft .NET Framework 3.5
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 <30729.8953
Microsoft .NET Framework 3.5
|
<30729.8953 |
Vendor Fix
fix
Vendor Fix
fix
|
Threats
Impact
Remote Code Execution
Exploit Status
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
References
7 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2022/m… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2022/m… | self |
Acknowledgments
<a href="https://twitter.com/monoxgas">Nick Landers</a> with NetSPI
<a href="https://twitter.com/lefterispan">Eleftherios Panos</a> with <a href="https://www.nettitude.com/">Nettitude</a>
<a href="https://twitter.com/monoxgas">Nick Landers</a> with NetSPI
{
"document": {
"acknowledgments": [
{
"names": [
"\u003ca href=\"https://twitter.com/monoxgas\"\u003eNick Landers\u003c/a\u003e with NetSPI"
]
},
{
"names": [
"\u003ca href=\"https://twitter.com/lefterispan\"\u003eEleftherios Panos\u003c/a\u003e with \u003ca href=\"https://www.nettitude.com/\"\u003eNettitude\u003c/a\u003e"
]
},
{
"names": [
"\u003ca href=\"https://twitter.com/monoxgas\"\u003eNick Landers\u003c/a\u003e with NetSPI"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41089 .NET Framework Remote Code Execution Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
},
{
"category": "self",
"summary": "CVE-2022-41089 .NET Framework Remote Code Execution Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2022/msrc_cve-2022-41089.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": ".NET Framework Remote Code Execution Vulnerability",
"tracking": {
"current_release_date": "2023-06-30T07:00:00.000Z",
"generator": {
"date": "2025-07-22T17:49:26.570Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-41089",
"initial_release_date": "2022-12-13T08:00:00.000Z",
"revision_history": [
{
"date": "2022-12-13T08:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2022-12-19T08:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "In the Security Updates table corrected the severity entry for Microsoft .NET Framework 3.5 AND 4.8.1 installed on Windows Server 2022. This is an informational change only. Customers who have successfully installed the update do not need to take any further action."
},
{
"date": "2023-01-25T08:00:00.000Z",
"legacy_version": "2",
"number": "3",
"summary": "Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/37](https://github.com/PowerShell/Announcements/issues/37) for more information."
},
{
"date": "2023-06-30T07:00:00.000Z",
"legacy_version": "3",
"number": "4",
"summary": "To address a known issue when after installing the December 13, 2022, updates for .NET Framework and .NET, users may have experienced issues with how WPF-based applications render XPS documents, Microsoft has released the June 2023 security updates for .NET Framework and for .NET. We recommend that customers install the June 2023 updates. Please note that if you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. To remove either of the workarounds see the instructions for removal in the \"Alternative Workaround\" section of [KB5022083 Change in how WPF-based applications render XPS documents](https://support.microsoft.com/en-us/topic/kb5022083-change-in-how-wpf-based-applications-render-xps-documents-a4ae4fa4-bc58-4c37-acdd-5eebc4e34556)."
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.2.11",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.2 \u003c17.2.11",
"product_id": "26"
}
},
{
"category": "product_version",
"name": "17.2.11",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.2 17.2.11",
"product_id": "12051"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.11.22",
"product": {
"name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) \u003c16.11.22",
"product_id": "30"
}
},
{
"category": "product_version",
"name": "16.11.22",
"product": {
"name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) 16.11.22",
"product_id": "11935"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.0.17",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.0 \u003c17.0.17",
"product_id": "29"
}
},
{
"category": "product_version",
"name": "17.0.17",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.0 17.0.17",
"product_id": "11969"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.4.3",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.4 \u003c17.4.3",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "17.4.3",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.4 17.4.3",
"product_id": "12129"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.12",
"product": {
"name": ".NET 6.0 \u003c6.0.12",
"product_id": "27"
}
},
{
"category": "product_version",
"name": "6.0.12",
"product": {
"name": ".NET 6.0 6.0.12",
"product_id": "12009"
}
}
],
"category": "product_name",
"name": ".NET 6.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.1.32",
"product": {
"name": ".NET Core 3.1 \u003c3.1.32",
"product_id": "42"
}
},
{
"category": "product_version",
"name": "3.1.32",
"product": {
"name": ".NET Core 3.1 3.1.32",
"product_id": "11730"
}
}
],
"category": "product_name",
"name": ".NET Core 3.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.0.1",
"product": {
"name": ".NET 7.0 \u003c7.0.1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "7.0.1",
"product": {
"name": ".NET 7.0 7.0.1",
"product_id": "12130"
}
}
],
"category": "product_name",
"name": ".NET 7.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.2.9",
"product": {
"name": "PowerShell 7.2 \u003c7.2.9",
"product_id": "28"
}
},
{
"category": "product_version",
"name": "7.2.9",
"product": {
"name": "PowerShell 7.2 7.2.9",
"product_id": "11970"
}
}
],
"category": "product_name",
"name": "PowerShell 7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.3.2",
"product": {
"name": "PowerShell 7.3 \u003c7.3.2",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "7.3.2",
"product": {
"name": "PowerShell 7.3 7.3.2",
"product_id": "12131"
}
}
],
"category": "product_name",
"name": "PowerShell 7.3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "65"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10483"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "48"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11568"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "66"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10379"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "67"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10481"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "68"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10816"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "69"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10051"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "70"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10853"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "71"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10378"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "72"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10855"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "49"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11569"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "50"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11570"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "51"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11571"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "73"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10048"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "52"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11572"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "74"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10049"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "75"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10047"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "53"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11897"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "76"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10543"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "54"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11896"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "55"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11898"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "56"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11923"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "57"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11924"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "58"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11801"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "59"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11802"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "60"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11926"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "61"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11930"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "62"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11929"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "63"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11927"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 \u003c04590.02",
"product_id": "43"
}
},
{
"category": "product_version",
"name": "04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 04590.02",
"product_id": "11677-11568"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c4590.02",
"product_id": "64"
}
},
{
"category": "product_version",
"name": "4590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8 4590.02",
"product_id": "11676-11931"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 \u003c04590.02",
"product_id": "44"
}
},
{
"category": "product_version",
"name": "04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 04590.02",
"product_id": "11677-11570"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 \u003c04590.02",
"product_id": "45"
}
},
{
"category": "product_version",
"name": "04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 04590.02",
"product_id": "11677-11572"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 \u003c04590.02",
"product_id": "46"
}
},
{
"category": "product_version",
"name": "04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 04590.02",
"product_id": "11677-11571"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 \u003c04590.02",
"product_id": "47"
}
},
{
"category": "product_version",
"name": "04590.02",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.7.2 04590.02",
"product_id": "11677-11569"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "77"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10484"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "78"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10852"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "79"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-10482"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11923"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11924"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11926"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11927"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 2.0 Service Pack 2 \u003c30729.8953",
"product_id": "87"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 2.0 Service Pack 2 30729.8953",
"product_id": "9292-9312"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 2.0 Service Pack 2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 2.0 Service Pack 2 \u003c30729.8953",
"product_id": "88"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 2.0 Service Pack 2 30729.8953",
"product_id": "9292-9318"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 2.0 Service Pack 2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.0 Service Pack 2 \u003c30729.8953",
"product_id": "89"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.0 Service Pack 2 30729.8953",
"product_id": "9195-9318"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.0 Service Pack 2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.0 Service Pack 2 \u003c30729.8953",
"product_id": "90"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.0 Service Pack 2 30729.8953",
"product_id": "9195-9312"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.0 Service Pack 2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 \u003c30729.8953",
"product_id": "91"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 30729.8953",
"product_id": "2472-10482"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 \u003c30729.8953",
"product_id": "92"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 30729.8953",
"product_id": "2472-10481"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 \u003c30729.8953",
"product_id": "93"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 30729.8953",
"product_id": "2472-10483"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 \u003c30729.8953",
"product_id": "94"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 30729.8953",
"product_id": "2472-10378"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 \u003c30729.8953",
"product_id": "95"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 30729.8953",
"product_id": "2472-10379"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 \u003c30729.8953",
"product_id": "96"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5 30729.8953",
"product_id": "2472-10543"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5.1 \u003c30729.8953",
"product_id": "83"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5.1 30729.8953",
"product_id": "9495-10047"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5.1 \u003c30729.8953",
"product_id": "84"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5.1 30729.8953",
"product_id": "9495-10048"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5.1 \u003c30729.8953",
"product_id": "85"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5.1 30729.8953",
"product_id": "9495-10051"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5.1 \u003c30729.8953",
"product_id": "86"
}
},
{
"category": "product_version",
"name": "30729.8953",
"product": {
"name": "Microsoft .NET Framework 3.5.1 30729.8953",
"product_id": "9495-10049"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "80"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-12098"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "81"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-12099"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c4590.03",
"product_id": "82"
}
},
{
"category": "product_version",
"name": "4590.03",
"product": {
"name": "Microsoft .NET Framework 4.8 4590.03",
"product_id": "11650-12097"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "31"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10047"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "32"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10379"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "33"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10378"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "34"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10049"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "35"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10483"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "36"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10543"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "37"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10481"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "38"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10048"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "39"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10051"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "40"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10484"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4010.03",
"product_id": "41"
}
},
{
"category": "product_version",
"name": "4010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4010.03",
"product_id": "11863-10482"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2 \u003c04010.03",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "04010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2 04010.03",
"product_id": "12115-9312"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2 \u003c04010.03",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "04010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2 04010.03",
"product_id": "12115-10287"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2 \u003c04010.03",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "04010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2 04010.03",
"product_id": "12115-9318"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c04010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2 \u003c04010.03",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "04010.03",
"product": {
"name": "Microsoft .NET Framework 4.6.2 04010.03",
"product_id": "12115-9344"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11931"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11930"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11897"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-12099"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "18"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-12086"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-12098"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11929"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "21"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11898"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11802"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "23"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-12085"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "24"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11896"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c9115.01",
"product_id": "25"
}
},
{
"category": "product_version",
"name": "9115.01",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.8.1 9115.01",
"product_id": "12079-11801"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.10240.19624",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2 \u003c10.0.10240.19624",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "10.0.10240.19624",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2 10.0.10240.19624",
"product_id": "12135-10735"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.10240.19624",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2 \u003c10.0.10240.19624",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "10.0.10240.19624",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2 10.0.10240.19624",
"product_id": "12135-10729"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41089",
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\nFor example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.",
"title": "According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?"
}
],
"product_status": {
"fixed": [
"11650-10047",
"11650-10048",
"11650-10049",
"11650-10051",
"11650-10378",
"11650-10379",
"11650-10481",
"11650-10482",
"11650-10483",
"11650-10484",
"11650-10543",
"11650-10816",
"11650-10852",
"11650-10853",
"11650-10855",
"11650-12097",
"11650-12098",
"11650-12099",
"11676-11568",
"11676-11569",
"11676-11570",
"11676-11571",
"11676-11572",
"11676-11801",
"11676-11802",
"11676-11896",
"11676-11897",
"11676-11898",
"11676-11923",
"11676-11924",
"11676-11926",
"11676-11927",
"11676-11929",
"11676-11930",
"11676-11931",
"11677-11568",
"11677-11569",
"11677-11570",
"11677-11571",
"11677-11572",
"11730",
"11863-10047",
"11863-10048",
"11863-10049",
"11863-10051",
"11863-10378",
"11863-10379",
"11863-10481",
"11863-10482",
"11863-10483",
"11863-10484",
"11863-10543",
"11935",
"11969",
"11970",
"12009",
"12051",
"12079-11801",
"12079-11802",
"12079-11896",
"12079-11897",
"12079-11898",
"12079-11923",
"12079-11924",
"12079-11926",
"12079-11927",
"12079-11929",
"12079-11930",
"12079-11931",
"12079-12085",
"12079-12086",
"12079-12098",
"12079-12099",
"12115-10287",
"12115-9312",
"12115-9318",
"12115-9344",
"12129",
"12130",
"12131",
"12135-10729",
"12135-10735",
"2472-10378",
"2472-10379",
"2472-10481",
"2472-10482",
"2472-10483",
"2472-10543",
"9195-9312",
"9195-9318",
"9292-9312",
"9292-9318",
"9495-10047",
"9495-10048",
"9495-10049",
"9495-10051"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35",
"36",
"37",
"38",
"39",
"40",
"41",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"68",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"78",
"79",
"80",
"81",
"82",
"83",
"84",
"85",
"86",
"87",
"88",
"89",
"90",
"91",
"92",
"93",
"94",
"95",
"96"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41089 .NET Framework Remote Code Execution Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089"
},
{
"category": "self",
"summary": "CVE-2022-41089 .NET Framework Remote Code Execution Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2022/msrc_cve-2022-41089.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "17.2.11:Security Update:https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
"product_ids": [
"26"
],
"url": "https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "16.11.22:Security Update:https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11",
"product_ids": [
"30"
],
"url": "https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "17.0.17:Security Update:https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0",
"product_ids": [
"29"
],
"url": "https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "17.4.3:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
"product_ids": [
"5"
],
"url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "6.0.12:Security Update:https://support.microsoft.com/help/5021954",
"product_ids": [
"27"
],
"url": "https://support.microsoft.com/help/5021954"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "3.1.32:Security Update:https://support.microsoft.com/help/5021953",
"product_ids": [
"42"
],
"url": "https://support.microsoft.com/help/5021953"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "7.0.1:Security Update:https://support.microsoft.com/help/5021955",
"product_ids": [
"4"
],
"url": "https://support.microsoft.com/help/5021955"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "7.2.9:Security Update:https://github.com/PowerShell/Announcements/issues/37",
"product_ids": [
"28"
],
"url": "https://github.com/PowerShell/Announcements/issues/37"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "7.3.2:Security Update:https://github.com/PowerShell/Announcements/issues/37",
"product_ids": [
"3"
],
"url": "https://github.com/PowerShell/Announcements/issues/37"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Monthly Rollup:https://support.microsoft.com/help/5021093",
"product_ids": [
"65",
"67",
"76",
"79"
],
"url": "https://support.microsoft.com/help/5021093"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "4590.03:Security Only:https://support.microsoft.com/help/5021081",
"product_ids": [
"65",
"76",
"79"
],
"url": "https://support.microsoft.com/help/5021081"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Security Update:https://support.microsoft.com/help/5021085",
"product_ids": [
"48",
"49",
"50",
"51",
"52",
"44"
],
"url": "https://support.microsoft.com/help/5021085"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Monthly Rollup:https://support.microsoft.com/help/5021092",
"product_ids": [
"66",
"71"
],
"url": "https://support.microsoft.com/help/5021092"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.03:Security Only:https://support.microsoft.com/help/5021080",
"product_ids": [
"66",
"71",
"32",
"33"
],
"url": "https://support.microsoft.com/help/5021080"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.03:Security Only:https://support.microsoft.com/help/5021081",
"product_ids": [
"67"
],
"url": "https://support.microsoft.com/help/5021081"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Security Update:https://support.microsoft.com/help/5020873",
"product_ids": [
"68",
"70",
"72"
],
"url": "https://support.microsoft.com/help/5020873"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Monthly Rollup:https://support.microsoft.com/help/5021091",
"product_ids": [
"69",
"73",
"74",
"75"
],
"url": "https://support.microsoft.com/help/5021091"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.03:Security Only:https://support.microsoft.com/help/5021079",
"product_ids": [
"69",
"73",
"74",
"75"
],
"url": "https://support.microsoft.com/help/5021079"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.04:Security Update:https://support.microsoft.com/help/5021087",
"product_ids": [
"53",
"54",
"55",
"21"
],
"url": "https://support.microsoft.com/help/5021087"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Security Update:https://support.microsoft.com/help/5021095",
"product_ids": [
"56",
"57"
],
"url": "https://support.microsoft.com/help/5021095"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.04:Security Update:https://support.microsoft.com/help/5021086",
"product_ids": [
"58",
"59"
],
"url": "https://support.microsoft.com/help/5021086"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Security Update:https://support.microsoft.com/help/5021090",
"product_ids": [
"60"
],
"url": "https://support.microsoft.com/help/5021090"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.04:Security Update:https://support.microsoft.com/help/5021088",
"product_ids": [
"61",
"62",
"64"
],
"url": "https://support.microsoft.com/help/5021088"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "4590.02:Security Update:https://support.microsoft.com/help/5021090",
"product_ids": [
"63"
],
"url": "https://support.microsoft.com/help/5021090"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.02:Security Update:https://support.microsoft.com/help/5021085",
"product_ids": [
"43",
"45",
"46",
"47"
],
"url": "https://support.microsoft.com/help/5021085"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Monthly Rollup:https://support.microsoft.com/help/5021093",
"product_ids": [
"77"
],
"url": "https://support.microsoft.com/help/5021093"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.02:Monthly Rollup:https://support.microsoft.com/help/5020873",
"product_ids": [
"78"
],
"url": "https://support.microsoft.com/help/5020873"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "09115.01:Security Update:https://support.microsoft.com/help/5021095",
"product_ids": [
"10",
"11"
],
"url": "https://support.microsoft.com/help/5021095"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "09115.01:Security Update:https://support.microsoft.com/help/5021090",
"product_ids": [
"12"
],
"url": "https://support.microsoft.com/help/5021090"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "9115.01:Security Update:https://support.microsoft.com/help/5021090",
"product_ids": [
"13"
],
"url": "https://support.microsoft.com/help/5021090"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "30729.8953:Monthly Rollup:https://support.microsoft.com/help/5021094",
"product_ids": [
"87",
"88",
"89",
"90"
],
"url": "https://support.microsoft.com/help/5021094"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "30729.8953:Security Only:https://support.microsoft.com/help/5021082",
"product_ids": [
"87",
"88",
"89",
"90"
],
"url": "https://support.microsoft.com/help/5021082"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "30729.8953:Monthly Rollup:https://support.microsoft.com/help/5021093",
"product_ids": [
"91",
"92",
"93",
"96",
"37"
],
"url": "https://support.microsoft.com/help/5021093"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "30729.8953:Security Only:https://support.microsoft.com/help/5021081",
"product_ids": [
"91",
"92",
"93",
"96"
],
"url": "https://support.microsoft.com/help/5021081"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "30729.8953:Monthly Rollup:https://support.microsoft.com/help/5021092",
"product_ids": [
"94",
"95"
],
"url": "https://support.microsoft.com/help/5021092"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "30729.8953:Security Only:https://support.microsoft.com/help/5021080",
"product_ids": [
"94",
"95"
],
"url": "https://support.microsoft.com/help/5021080"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "30729.8953:Monthly Rollup:https://support.microsoft.com/help/5021091",
"product_ids": [
"83",
"84",
"85",
"86"
],
"url": "https://support.microsoft.com/help/5021091"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "30729.8953:Security Only:https://support.microsoft.com/help/5021079",
"product_ids": [
"83",
"84",
"85",
"86"
],
"url": "https://support.microsoft.com/help/5021079"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04590.04:Security Update:https://support.microsoft.com/help/5021089",
"product_ids": [
"80",
"81",
"82"
],
"url": "https://support.microsoft.com/help/5021089"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.02:Monthly Rollup:https://support.microsoft.com/help/5021091",
"product_ids": [
"31",
"34",
"38",
"39"
],
"url": "https://support.microsoft.com/help/5021091"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "4010.03:Security Only:https://support.microsoft.com/help/5021079",
"product_ids": [
"31"
],
"url": "https://support.microsoft.com/help/5021079"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.02:Monthly Rollup:https://support.microsoft.com/help/5021092",
"product_ids": [
"32",
"33"
],
"url": "https://support.microsoft.com/help/5021092"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.03:Security Only:https://support.microsoft.com/help/5021079",
"product_ids": [
"34",
"38",
"39"
],
"url": "https://support.microsoft.com/help/5021079"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.02:Monthly Rollup:https://support.microsoft.com/help/5021093",
"product_ids": [
"35",
"36",
"41"
],
"url": "https://support.microsoft.com/help/5021093"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "4010.03:Security Only:https://support.microsoft.com/help/5021081",
"product_ids": [
"35",
"36",
"41"
],
"url": "https://support.microsoft.com/help/5021081"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.03:Security Only:https://support.microsoft.com/help/5021081",
"product_ids": [
"37"
],
"url": "https://support.microsoft.com/help/5021081"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.02:Monthly Rollup:https://support.microsoft.com/help/5021093",
"product_ids": [
"40"
],
"url": "https://support.microsoft.com/help/5021093"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.02:Monthly Rollup:https://support.microsoft.com/help/5021094",
"product_ids": [
"6",
"7",
"8",
"9"
],
"url": "https://support.microsoft.com/help/5021094"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.03:Security Only:https://support.microsoft.com/help/5021082",
"product_ids": [
"6",
"7"
],
"url": "https://support.microsoft.com/help/5021082"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "04010.03:Security Only:https://support.microsoft.com/help/5021082",
"product_ids": [
"8",
"9"
],
"url": "https://support.microsoft.com/help/5021082"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "09115.01:Security Update:https://support.microsoft.com/help/5021088",
"product_ids": [
"14",
"15",
"20"
],
"url": "https://support.microsoft.com/help/5021088"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "09115.01:Security Update:https://support.microsoft.com/help/5021087",
"product_ids": [
"16",
"24"
],
"url": "https://support.microsoft.com/help/5021087"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "09115.01:Security Update:https://support.microsoft.com/help/5021089",
"product_ids": [
"17",
"19"
],
"url": "https://support.microsoft.com/help/5021089"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "09115.01:Security Update:https://support.microsoft.com/help/5020880",
"product_ids": [
"18",
"23"
],
"url": "https://support.microsoft.com/help/5020880"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "09115.01:Security Update:https://support.microsoft.com/help/5021086",
"product_ids": [
"22",
"25"
],
"url": "https://support.microsoft.com/help/5021086"
},
{
"category": "vendor_fix",
"date": "2022-12-13T08:00:00.000Z",
"details": "10.0.10240.19624:Security Update:https://support.microsoft.com/help/5021243",
"product_ids": [
"1",
"2"
],
"url": "https://support.microsoft.com/help/5021243"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35",
"36",
"37",
"38",
"39",
"40",
"41",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"68",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"78",
"79",
"80",
"81",
"82",
"83",
"84",
"85",
"86",
"87",
"88",
"89",
"90",
"91",
"92",
"93",
"94",
"95",
"96"
]
}
],
"threats": [
{
"category": "impact",
"details": "Remote Code Execution"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely"
}
],
"title": ".NET Framework Remote Code Execution Vulnerability"
}
]
}
VAR-202212-1469
Vulnerability from variot - Updated: 2023-12-18 12:15.NET Framework Remote Code Execution Vulnerability. Microsoft .NET Framework是美国微软(Microsoft)公司的一种全面且一致的编程模型,也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。该平台包括C#和Visual Basic编程语言、公共语言运行库和广泛的类库
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1469",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.8.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.8"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.0"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.11 (includes 16.0 - 16.10)"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.4"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.2"
},
{
"model": "microsoft .net framework",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"db": "NVD",
"id": "CVE-2022-41089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41089"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nick Landers\u003c/a\u003e with NetSPI,Eleftherios Panos\u003c/a\u003e with Nettitude\u003c/a\u003e",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002812",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41089",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2022-41089",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002812",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-2976",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"db": "NVD",
"id": "CVE-2022-41089"
},
{
"db": "NVD",
"id": "CVE-2022-41089"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Framework Remote Code Execution Vulnerability. Microsoft .NET Framework\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u79cd\u5168\u9762\u4e14\u4e00\u81f4\u7684\u7f16\u7a0b\u6a21\u578b\uff0c\u4e5f\u662f\u4e00\u4e2a\u7528\u4e8e\u6784\u5efaWindows\u3001Windows Store\u3001Windows Phone\u3001Windows Server\u548cMicrosoft Azure\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ecC\uff03\u548cVisual Basic\u7f16\u7a0b\u8bed\u8a00\u3001\u516c\u5171\u8bed\u8a00\u8fd0\u884c\u5e93\u548c\u5e7f\u6cdb\u7684\u7c7b\u5e93",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41089"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41089",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002812",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2976",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"db": "NVD",
"id": "CVE-2022-41089"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
]
},
"id": "VAR-202212-1469",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21178882
},
"last_update_date": "2023-12-18T12:15:06.902000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0Framework\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2022-41089"
},
{
"title": "Microsoft .NET Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217209"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"db": "NVD",
"id": "CVE-2022-41089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-41089"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41089"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20221214-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220034.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-visual-studio-code-execution-40100"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41089/"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-41089"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"db": "NVD",
"id": "CVE-2022-41089"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"db": "NVD",
"id": "CVE-2022-41089"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"date": "2022-12-13T19:15:12.090000",
"db": "NVD",
"id": "CVE-2022-41089"
},
{
"date": "2022-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-20T07:31:00",
"db": "JVNDB",
"id": "JVNDB-2022-002812"
},
{
"date": "2023-11-17T17:39:58.597000",
"db": "NVD",
"id": "CVE-2022-41089"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Remote code execution vulnerability in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002812"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2976"
}
],
"trust": 0.6
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…