CVE-2016-0148 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-0148 PUBLISHED CVSS 7.800000190734863 HIGH

Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."

EPSS 8.20% · 92.1th percentile

Risk Scores

CVSS v3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

8.20%

92.1th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Windows
n/a	n/a	n/a
microsoft	.net_framework	4.6, 4.6.1

Timeline

Apr 12, 2016 CVE Published
Feb 4, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 16, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 20, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

1035535 vdb
20160412 .NET Framework 4.6 allows side loading of Windows API Set DLL mailing-list
20160412 .NET Framework 4.6 allows side loading of Windows API Set DLL mailing-list
http://packetstormsecurity.com/files/136671/.NET-Framework-4.6-DLL-Hijacking.html url
MS16-041 vendor-advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-234 url
https://technet.microsoft.com/fr-fr/library/security/ms16-041 advisory
https://technet.microsoft.com/fr-fr/library/security/ms16-039 advisory
https://nvd.nist.gov/vuln/detail/CVE-2016-0148 advisory

Open in Interactive Console →