CVE-2018-8284

Published: Jul 11, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Affected (19)

Products: Microsoft: .net Framework, Project Server, Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server

Microsoft

5 products

.net Framework

Project Server

Sharepoint Enterprise Server

Sharepoint Foundation

Sharepoint Server

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft .net Framework	Version 2.0 sp2
Microsoft .net Framework	Version 3.0 sp2

Running on/with	Platform Versions
Microsoft Windows Server 2008	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft .net Framework	Version 3.5

Running on/with	Platform Versions
Microsoft Windows Server 2016	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft .net Framework	Version 3.5.1

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft .net Framework	Version 4.5.2

Configuration E

1 platform

Running on/with	Platform Versions
Microsoft Windows Server 2008	All versions

Configuration F

2 platform

Running on/with	Platform Versions
Microsoft Windows 10	Version 1607
Microsoft Windows Server 2016	All versions

Configuration G

1 platform

Running on/with	Platform Versions
Microsoft Windows 10	All versions

Configuration H

3 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Microsoft .net Framework	Version 4.6.1
Microsoft .net Framework	Version 4.6.2
Microsoft .net Framework	Version 4.6

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows 8.1	All versions
Microsoft Windows Rt 8.1	All versions
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Server 2012	All versions
Microsoft Windows Server 2012	Version r2

Configuration I

2 platform

Running on/with	Platform Versions
Microsoft Windows 10	Version 1709
Microsoft Windows Server	Version 1709

Configuration J

2 platform

Running on/with	Platform Versions
Microsoft Windows 10	Version 1803
Microsoft Windows Server	Version 1803

Configuration K

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft .net Framework	Version 4.7.1
Microsoft .net Framework	Version 4.7.2
Microsoft .net Framework	Version 4.7

Running on/with	Platform Versions
Microsoft Windows 10	Version 1703

Configuration L

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Project Server	Version 2010 sp2
Microsoft Project Server	Version 2013 sp1

Configuration M

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Enterprise Server	Version 2013 sp1
Microsoft Sharepoint Enterprise Server	Version 2016

Configuration N

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Foundation	Version 2010 sp2
Microsoft Sharepoint Foundation	Version 2013 sp1

Configuration O

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Server	Version 2010 sp2
Microsoft Sharepoint Server	Version 2013 sp1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

http://www.securityfocus.com/bid/104667

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041257

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/104667

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041257

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.