CVE-2019-1113

EUVD-2019-9690
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5
microsoft.net_framework
4.7.2
microsoft.net_framework
3.5
microsoft.net_framework
4.8
microsoft.net_framework
3.5.1
microsoft.net_framework
4.5.2
microsoft.net_framework
4.6
microsoft.net_framework
4.6
microsoft.net_framework
4.6.1
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
4.8
microsoftvisual_studio_2017
-
microsoftvisual_studio_2017
15.9
microsoftvisual_studio_2017
16.0
microsoftvisual_studio_2017
16.1
microsoft.net_framework
4.6
microsoft.net_framework
4.6.1
microsoft.net_framework
4.6.2
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4507458
1607 (x64, x86)
KB4506986
1607 (x64, x86)
KB4507460
1703 (x64, x86)
KB4507450
1703 (x64)
KB4506986
1703 (x86)
KB4506987
1709 (x64, x86)
KB4507455
1709 (x64)
KB4506986
1709 (x86)
KB4506988
1803 (x64, x86)
KB4507435
1803 (x64, x86)
KB4506989
1809 (x64, x86)
KB4507419
1903 (x64, x86)
KB4506991
Windows 7
Service Pack 1 (x64, x86)
KB4507420
Windows 8.1
(x64, x86)
KB4507422
(x64, x86)
KB4507413
Windows RT 8.1
All
KB4507422
Windows Server
1803 Server Core
KB4507435
1803 Server Core
KB4506989
1903 Server Core
KB4506991
Windows Server 2008
Service Pack 2 (x64, x86)
KB4507423
Windows Server 2008 R2
Service Pack 1 (x64)
KB4507420
Service Pack 1 Server Core (x64)
KB4507420
Windows Server 2012
Server Core
KB4507421
Standard
KB4507421
Windows Server 2012 R2
Server Core
KB4507422
Server Core
KB4507413
Standard
KB4507422
Standard
KB4507413
Windows Server 2016
Server Core
KB4507460
Server Core
KB4506986
Standard
KB4507460
Standard
KB4506986
Windows Server 2019
Server Core
KB4507419
Standard
KB4507419
Common Weakness Enumeration
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113