Vulnerability in Microsoft .Net Framework 2.0
CVE-2019-0657
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
EPSS: 0.080 (92.3th percentile) — read the EPSS interpretation.
Affected products
- Microsoft .Net Framework 2.0 — versions Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Microsoft .Net Framework 3.0 — versions Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .Net Framework 3.5 — versions Windows Server 2012, Windows Server 2012 (Server Core installation), Windows 8.1 for 32-bit systems
- Microsoft .Net Framework 3.5.1 — versions Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft .Net Framework 4.5.2 — versions Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft .Net Framework 4.6 — versions Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .Net Framework 4.6.2/4.7/4.7.1/4.7.2 — versions Windows Server 2016, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems
- Microsoft .Net Framework 4.6/4.6.1/4.6.2 — versions Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems
- Microsoft .Net Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 — versions Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft .Net Framework 4.7.1/4.7.2 — versions Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709 for x64-based Systems, Windows Server, version 1709 (Server Core Installation)
References
- RHSA-2019:0349 (vendor-advisory, x_refsource_REDHAT)
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 (x_refsource_CONFIRM)
- 106890 (vdb-entry, x_refsource_BID)