CVE-2018-8421

EUVD-2018-20057
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5.1
microsoft.net_framework
4.5.2
microsoft.net_framework
4.5.2
microsoft.net_framework
4.6
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
4.6
microsoft.net_framework
4.6.1
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
4.7.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4457132
1607 (x64, x86)
KB4457131
1703 (x64, x86)
KB4457138
1709 (x64, x86)
KB4457142
1803 (x64, x86)
KB4457128
Windows 7
Service Pack 1 (x64, x86)
KB4457035
Service Pack 1 (x64, x86)
KB4457055
Service Pack 1 (x64, x86)
KB4457038
Windows 8.1
(x64, x86)
KB4457056
(x64, x86)
KB4457036
(x64, x86)
KB4457028
(x64, x86)
KB4457034
(x64, x86)
KB4457026
Windows RT 8.1
All
KB4457036
All
KB4457034
Windows Server
1709 Server Core
KB4457142
1803 Server Core
KB4457128
Windows Server 2008
Service Pack 2 (x64, x86)
KB4457054
Service Pack 2 (x64, x86)
KB4457035
Service Pack 2 (x64, x86)
KB4457038
Windows Server 2008 R2
Service Pack 1 (x64)
KB4457055
Service Pack 1 (x64)
KB4457035
Service Pack 1 (x64)
KB4457038
Service Pack 1 Server Core (x64)
KB4457035
Service Pack 1 Server Core (x64)
KB4457055
Service Pack 1 Server Core (x64)
KB4457038
Windows Server 2012
Server Core
KB4457053
Server Core
KB4457037
Server Core
KB4457033
Standard
KB4457053
Standard
KB4457037
Standard
KB4457033
Windows Server 2012 R2
Server Core
KB4457056
Server Core
KB4457036
Server Core
KB4457028
Server Core
KB4457034
Server Core
KB4457026
Standard
KB4457056
Standard
KB4457036
Standard
KB4457028
Standard
KB4457034
Standard
KB4457026
Windows Server 2016
Server Core
KB4457131
Standard
KB4457131
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105222
http://www.securitytracker.com/id/1041636
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421
http://www.securityfocus.com/bid/105222
http://www.securitytracker.com/id/1041636
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421