
Multiple Microsoft .NET, .NET Framework and Visual Studio Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-43498 CVSS:9.8

Microsoft .NET and Visual Studio could allow a remote attacker to execute arbitrary code on the system by sending a specially crafted request.

CVE-2024-43499 CVSS:7.5

Microsoft .NET and Visual Studio are vulnerable to a denial of service, caused by unchecked input for a loop condition. A remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-43483 CVSS:7.5

Microsoft .NET, .NET Framework, and Visual Studio are vulnerable to a denial of service, caused by an algorithmic complexity flaw. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-43484 CVSS:7.5

Microsoft .NET, .NET Framework, and Visual Studio are vulnerable to a denial of service, caused by an algorithmic complexity flaw. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-43485 CVSS:7.5

Microsoft .NET and Visual Studio are vulnerable to a denial of service, caused by an algorithmic complexity flaw. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-38229 CVSS:8.1

Microsoft .NET and Visual Studio could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Denial of Service
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-43498
  • CVE-2024-43499
  • CVE-2024-43483
  • CVE-2024-43484
  • CVE-2024-43485
  • CVE-2024-38229

Affected Vendors

Microsoft

Affected Products

  • Microsoft Visual Studio 2022 version 17.10 - 17.10
  • Microsoft Visual Studio 2022 version 17.6 - 17.6.0
  • Microsoft Visual Studio 2022 version 17.8 - 17.8.0
  • Microsoft Visual Studio 2022 version 17.11 - 17.11
  • Microsoft .NET 8.0 - 8.0.0
  • Microsoft .NET 6.0 - 6.0.0
  • Microsoft .NET Framework 3.5 AND 4.8 - 4.8.0 - 4.8.0
  • Microsoft .NET Framework 3.5 AND 4.7.2 - 4.7.0 - 4.7.0
  • Microsoft PowerShell 7.4 - 7.4.0
  • Microsoft .NET Framework 3.0 Service Pack 2 - 3.0.0
  • Microsoft .NET Framework 4.8 - 4.8.0 - 4.8.0 - 4.8.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2024-43498

CVE-2024-43499

CVE-2024-43483

CVE-2024-43484

CVE-2024-43485

CVE-2024-38229