CVE-2018-0764

high-risk

Published 2018-01-10

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

Do I need to act?

34.7% chance of exploitation in next 30 days

EPSS score — higher than 65% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (14)

.Net Core

Powershell Core

.Net Framework

Affected Vendors

Microsoft

References (8)

Third Party Advisory http://www.securityfocus.com/bid/102387

Third Party Advisory http://www.securitytracker.com/id/1040152

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0379

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764

Third Party Advisory http://www.securityfocus.com/bid/102387

Third Party Advisory http://www.securitytracker.com/id/1040152

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0379

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764

/ 100

high-risk

Severity 26/34 · High

Exploitability 16/34 · Moderate

Exposure 18/34 · Moderate