Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-8421

Published: 13/09/2018 Updated: 23/05/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft .net_framework 2.0

microsoft .net_framework 3.0

microsoft .net_framework 3.5

microsoft .net_framework 3.5.1

microsoft .net_framework 4.5.2

microsoft .net_framework 4.6

microsoft .net_framework 4.6.2

microsoft .net_framework 4.7

microsoft .net_framework 4.7.1

microsoft .net_framework 4.7.2

microsoft .net_framework 4.6.1

Vendor Advisories

Red Hat: CVE-2018-8421
A remote code execution vulnerability exists when Microsoft NET Framework processes untrusted input, aka "NET Framework Remote Code Execution Vulnerability" This affects Microsoft NET Framework 46, Microsoft NET Framework 35, Microsoft NET Framework 47/471/472, Microsoft NET Framework 30, Microsoft NET Framework 351, Microsoft NE ...

Github Repositories

https://github.com/NHPT/ysoserial.net

ysoserial.net for Windows execute file

ysoserialnet ysoserialnet for Windows execute file Usage ysoserialexe -h ysoserialnet generates deserialization payloads for a variety of NET formatters Available gadgets: ActivitySurrogateDisableTypeCheck (Disables 48+ type protections for ActivitySurrogateSelector, command is ignored) Formatters: BinaryFormatter, LosFormatter, NetDataContractSerializer, ObjectStateFor

https://github.com/puckiestyle/ysoserial.net-master

ysoserialnet ysoserialnet for Windows execute file Usage ysoserialexe -h ysoserialnet generates deserialization payloads for a variety of NET formatters Available gadgets: ActivitySurrogateDisableTypeCheck (Disables 48+ type protections for ActivitySurrogateSelector, command is ignored) Formatters: BinaryFormatter, LosFormatter, NetDataContractSerializer, ObjectStateFor

Recent Articles

It's September 2018, and Windows VMs can pwn their host servers by launching an evil app
The Register • Shaun Nichols in San Francisco • 11 Sep 2018

Too smart? There's also an old-fashioned image file RCE Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

Admins will again be working overtime as Microsoft and Adobe have posted their monthly scheduled security updates for September. This month's Patch Tuesday bundle includes critical fixes for Windows, SQL Server, and Hyper V, as well as Flash and Cold Fusion. In total, Microsoft addressed 61 CVE-listed vulnerabilities this month, including 23 that would potentially allow for remote code execution. One of the more noteworthy of those bugs is CVE-2018-8475, a remote code flaw that can be triggered ...

Read more...

References

CWE-20https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421http://www.securitytracker.com/id/1041636http://www.securityfocus.com/bid/105222https://nvd.nist.govhttps://github.com/NHPT/ysoserial.nethttps://www.theregister.co.uk/2018/09/11/patch_tuesday_september/https://access.redhat.com/security/cve/cve-2018-8421
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook