Security Updates for Microsoft .NET Framework (September 2018)

Medium Nessus Plugin ID 117431

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2018-8421)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?ad8ca318

http://www.nessus.org/u?fed37122

http://www.nessus.org/u?60a8394d

http://www.nessus.org/u?13887e06

http://www.nessus.org/u?db0b04e3

http://www.nessus.org/u?c1b632e4

http://www.nessus.org/u?a8e356c6

http://www.nessus.org/u?ba8fc7a2

http://www.nessus.org/u?f54e1cd2

http://www.nessus.org/u?49559bb8

http://www.nessus.org/u?dee71c23

http://www.nessus.org/u?ed0492e1

http://www.nessus.org/u?6d088a5e

http://www.nessus.org/u?8e9df1b4

http://www.nessus.org/u?db9cdb46

http://www.nessus.org/u?449d58e9

http://www.nessus.org/u?3cc1fccb

http://www.nessus.org/u?df971ee0

http://www.nessus.org/u?3ea99582

http://www.nessus.org/u?d4fb28dc

http://www.nessus.org/u?0e99f7d4

http://www.nessus.org/u?3dc3e58e

http://www.nessus.org/u?625cb458

http://www.nessus.org/u?77405e03

http://www.nessus.org/u?dd34e6e6

Plugin Details

Severity: Medium

ID: 117431

File Name: smb_nt_ms18_sep_dotnet.nasl

Version: 1.4

Type: local

Agent: windows

Published: 2018/09/12

Modified: 2018/09/17

Dependencies: 13855, 99364, 51351, 57033

Risk Information

Risk Factor: Medium

CVSS Score Source: manual

CVSS Score Rationale: Nvd score unavailable. assigned score for local rce.

CVSS v2.0

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 2018/09/11

Vulnerability Publication Date: 2018/09/11

Reference Information

CVE: CVE-2018-8421

MSKB: 4457035, 4457038, 4457033, 4457142, 4457030, 4457025, 4457027, 4457026, 4457043, 4457028, 4457128, 4457045, 4457044, 4457132, 4457131, 4457036, 4457037, 4457034, 4457053, 4457054, 4457055, 4457056, 4457138, 4457029, 4457042

MSFT: MS18-4457035, MS18-4457038, MS18-4457033, MS18-4457142, MS18-4457030, MS18-4457025, MS18-4457027, MS18-4457026, MS18-4457043, MS18-4457028, MS18-4457128, MS18-4457045, MS18-4457044, MS18-4457132, MS18-4457131, MS18-4457036, MS18-4457037, MS18-4457034, MS18-4457053, MS18-4457054, MS18-4457055, MS18-4457056, MS18-4457138, MS18-4457029, MS18-4457042

IAVA: 2018-A-0295