What is CVE-2017-0160?

CVE-2017-0160 is a high-severity vulnerability in Microsoft .Net_framework. CVSS score: 7.8/10. Published 2017-04-12.

How severe is CVE-2017-0160?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2017-0160 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft .Net_framework

CVE-2017-0160

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

EPSS: 0.130 (94.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Microsoft .Net_framework — versions 2.0, 3.5, 3.5.1
Microsoft Corporation .Net Framework — versions .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7

Public proof-of-concept exploits

References

secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secure@microsoft.com (exploit, x_refsource_EXPLOIT-DB)
secure@microsoft.com (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-0160?: CVE-2017-0160 is a high-severity vulnerability in Microsoft .Net_framework. CVSS score: 7.8/10. Published 2017-04-12.
How severe is CVE-2017-0160?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2017-0160 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.