Vulnerability in Microsoft .Net Framework 3.5
CVE-2019-1142
An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.
EPSS: 0.005 (64.7th percentile) — read the EPSS interpretation.
Affected products
- Microsoft .Net Framework 3.5 — versions Windows Server 2012, Windows Server 2012 (Server Core installation), Windows 8.1 for 32-bit systems
- Microsoft .Net Framework 3.5 And 4.7.2 On Windows 10 Version 1809 For 32-bit Systems — versions unspecified
- Microsoft .Net Framework 3.5 And 4.7.2 On Windows 10 Version 1809 For X64-based Systems — versions unspecified
- Microsoft .Net Framework 3.5 And 4.7.2 On Windows Server 2019 — versions unspecified
- Microsoft .Net Framework 3.5 And 4.7.2 On Windows Server 2019 (Server Core Installation) — versions unspecified
- Microsoft .Net Framework 3.5 And 4.8 On Windows 10 Version 1809 For 32-bit Systems — versions unspecified
- Microsoft .Net Framework 3.5 And 4.8 On Windows 10 Version 1809 For X64-based Systems — versions unspecified
- Microsoft .Net Framework 3.5 And 4.8 On Windows 10 Version 1903 For 32-bit Systems — versions unspecified
- Microsoft .Net Framework 3.5 And 4.8 On Windows 10 Version 1903 For X64-based Systems — versions unspecified
- Microsoft .Net Framework 3.5 And 4.8 On Windows Server 2019 — versions unspecified
Public proof-of-concept exploits
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1142 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-1142?
- CVE-2019-1142 is a vulnerability in Microsoft .Net Framework 3.5. Published 2019-09-11.
- Is CVE-2019-1142 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.