Windows : Microsoft Bulletins : Microsoft .NET Framework Multiple Vulnerabilities (KB4095874)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.813226

Category: Windows : Microsoft Bulletins

Title: Microsoft .NET Framework Multiple Vulnerabilities (KB4095874)

Summary: This host is missing a critical security; update according to Microsoft Security Updates KB4095874.

Description: Summary:
This host is missing a critical security
update according to Microsoft Security Updates KB4095874.

Vulnerability Insight:
Multiple flaws are due to:

- .NET Framework (and .NET Core) components do not completely validate
certificates.

- .NET, and .NET core, improperly process XML documents.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to cause a denial of service against a .NET application and also
to bypass certain security restrictions.

Affected Software/OS:
Microsoft .NET Framework 3.5.1.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-0765
BugTraq ID: 104060
http://www.securityfocus.com/bid/104060
http://www.securitytracker.com/id/1040851
Common Vulnerability Exposure (CVE) ID: CVE-2018-1039
BugTraq ID: 104072
http://www.securityfocus.com/bid/104072

Copyright Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.813226
Category:	Windows : Microsoft Bulletins
Title:	Microsoft .NET Framework Multiple Vulnerabilities (KB4095874)
Summary:	This host is missing a critical security; update according to Microsoft Security Updates KB4095874.
Description:	Summary: This host is missing a critical security update according to Microsoft Security Updates KB4095874. Vulnerability Insight: Multiple flaws are due to: - .NET Framework (and .NET Core) components do not completely validate certificates. - .NET, and .NET core, improperly process XML documents. Vulnerability Impact: Successful exploitation will allow remote attackers to cause a denial of service against a .NET application and also to bypass certain security restrictions. Affected Software/OS: Microsoft .NET Framework 3.5.1. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0765 BugTraq ID: 104060 http://www.securityfocus.com/bid/104060 http://www.securitytracker.com/id/1040851 Common Vulnerability Exposure (CVE) ID: CVE-2018-1039 BugTraq ID: 104072 http://www.securityfocus.com/bid/104072
Copyright	Copyright (C) 2018 Greenbone AG