A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HMicrosoft .net Core
APPMicrosoft2.13.1Microsoft .net Framework
APPMicrosoft2.03.03.53.5.14.5.24.64.6.14.6.24.74.7.14.7.24.8Microsoft Sharepoint Enterprise Server
APPMicrosoft20132016Microsoft SharePoint Server
APPMicrosoft20102019Microsoft Visual Studio 2017
APPMicrosoft15.0 – 15.9Microsoft Visual Studio 2019
APPMicrosoft16.0 – 16.6Microsoft Windows 10
OSMicrosoft1607170918031809190319092004Microsoft Windows 7
OSMicrosoftwszystkie wersjeMicrosoft Windows 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Rt 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2008
OSMicrosoftr2Microsoft Windows Server 2012
OSMicrosoftr2Microsoft Windows Server 2016
OSMicrosoft1803190319092004Microsoft Windows Server 2019
OSMicrosoftwszystkie wersje
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- .NET Framework, SharePoint, Visual Studio
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
Apply updates per vendor instructions.
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.
Related vulnerabilities
RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server
RCE w Windows Server Update Service (WSUS) — deserializacja danych
RCE przez deserialization w Microsoft SharePoint Server (on-premises)
Microsoft SharePoint Server Elevation of Privilege Vulnerability
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...