MS16-019 Security Update for .NET Framework to Address Denial of Service
2016-02-09
This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms.
Vulnerabilities addressed in this bulletin:
- CVE-2016-0033 - .NET Framework Stack Overflow Denial of Service Vulnerability: A denial of service vulnerability exists when .NET Framework fails to properly handle certain Extensible Stylesheet Language Transformations (XSLT).
- CVE-2016-0047 - Windows Forms Information Disclosure Vulnerability: An information disclosure vulnerability exists in Microsoft .NET Framework that is caused when .NET’s Windows Forms (WinForms) improperly handles icon data.
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."
Max CVSS: 7.5
EPSS Score: 94.84%
Published: 2016-02-10
Updated: 2018-10-12
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
Max CVSS: 7.5
EPSS Score: 3.60%
Published: 2016-02-10
Updated: 2018-10-12