A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
http://www.securityfocus.com/bid/104060
http://www.securitytracker.com/id/1040851
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765
Source: MITRE
Published: 2018-05-09
Updated: 2018-06-14
Type: CWE-611
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
OR
AND
OR
OR
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
AND
OR
OR
AND
OR
OR
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
AND
OR
OR
AND
OR
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
OR
AND
OR
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
OR
AND
OR
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
OR
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
AND
OR
OR
AND
OR
OR
AND
OR
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
109732 | Security Update for .NET Core SDK (May 2018) | Nessus | Windows | medium |
109731 | Security Update for ASP.NET Core (May 2018) | Nessus | Windows | medium |
109652 | Security Updates for Microsoft .NET Framework (May 2018) | Nessus | Windows : Microsoft Bulletins | medium |
109611 | KB4103731: Windows 10 Version 1703 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109610 | KB4103726: Windows Server 2012 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109608 | KB4103727: Windows 10 Version 1709 and Windows Server Version 1709 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109607 | KB4103715: Windows 8.1 and Windows Server 2012 R2 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109606 | KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109605 | KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109604 | KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109603 | KB4103716: Windows 10 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |