Description
<p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p> <p>To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application.</p> <p>The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.</p>
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
E
Physical
RL
O
RC
Changed
Affected products
- Microsoft / .net2.0 – 2.0
- Microsoft / .net3.5 – 3.5
- Microsoft / .net3.5.1 – 3.5.1
- Microsoft / .net4.8 – 4.8
- Microsoft / .net4.7.2 – 4.7.2
- Microsoft / .net_framework4.5.2 – 4.5.2
- Microsoft / .net_framework3.5 – 3.5
- Microsoft / .net_framework
- Microsoft / .net_framework4.6 – 4.6