2016-02-09

This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms.
Vulnerabilities addressed in this bulletin:
.NET Framework Stack Overflow Denial of Service Vulnerability
A denial of service vulnerability exists when .NET Framework fails to properly handle certain Extensible Stylesheet Language Transformations (XSLT).
CVE-2016-0033
Windows Forms Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft .NET Framework that is caused when .NET’s Windows Forms (WinForms) improperly handles icon data.
CVE-2016-0047

Bulletin details at Microsoft.com

Related CVE Entries

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."
Max CVSS: 7.5 | EPSS Score: 94.84% | Published: 2016-02-10 | Updated: 2018-10-12
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
Max CVSS: 7.5 | EPSS Score: 3.60% | Published: 2016-02-10 | Updated: 2018-10-12