Severity
High
Analysis Summary
CVE-2023-36788 CVSS:7.8
Microsoft .NET Framework could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36799 CVSS:6.5
Microsoft .NET Core and Visual Studio is vulnerable to a denial of service. By persuading a victim to open a specially crafted content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Code Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-36788
- CVE-2023-36799
Affected Vendors
Microsoft
Affected Products
- Microsoft .NET 6.0
- Microsoft Visual Studio 2022 17.2
- Microsoft .NET 7.0
- Microsoft Visual Studio 2022 17.4
- Microsoft Visual Studio 2022 17.6
- Microsoft Visual Studio 2022 17.7
- Microsoft .NET Framework 4.7.2 Developer Pack
- Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems 1809
- Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for ARM64-based Systems 1809
- Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for X64-based Systems 1809
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.