Information disclosure in Microsoft .Net_framework

CVE-2015-6096

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML…

Vulnerability class: Information Disclosure

EPSS: 0.610 (99.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft .Net_framework — versions 2.0, 3.5, 3.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

MS15-118 (x_refsource_MS, vendor-advisory)
1034116 (vdb-entry, x_refsource_SECTRACK)