Denial of service in Microsoft .NET Framework
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-8585 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Microsoft .NET Framework Server applications / Frameworks for developing and running applications |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Denial of service
EUVDB-ID: #VU7458
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-8585
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper handling of web requests by Microsoft Common Object Runtime Library in .NET application. A remote attacker can supply specially crafted requests and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft .NET Framework: 4.6 - 4.7
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8585
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
