Irsdl

**Nome do software vulnerável e versões afetadas** Microsoft .NET Framework (versões afetadas não especificadas) **Descrição** Existe uma vulnerabilidade que permite a execução remota de código devido à falha do Microsoft .NET Framework em validar adequadamente as entradas. Isso poderia permitir que um invasor remoto executasse código arbitrário utilizando um arquivo especialmente criado. A exploração bem-sucedida poderia permitir que um invasor assumisse o controle de um sistema afetado, instalasse programas, visualizasse, alterasse ou excluisse dados, ou criasse novas contas com direitos de usuário plenos. Usuários com menos direitos no sistema podem ser menos afetados do que aqueles que operam com direitos de usuário administrativo. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.2.3 **Description** The issue is related to the incorrect handling of media during upload in the WordPress content management system, specifically affecting the `wp ajax upload attachment` function. This can allow a remote attacker to compromise data integrity. The problem is also described as allowing XSS in media uploads due to the mishandling of the `wp ajax upload attachment` function. **Recommendations** For versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the media upload functionality until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.2.3 **Description** The issue is related to incorrect URL sanitization in the `wp kses bad protocol once` function, which can lead to cross-site scripting (XSS) attacks. This could allow a remote attacker to compromise data integrity. **Recommendations** For WordPress versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable URL endpoints until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.2.3 **Description** The issue is related to an error in the content management system of WordPress, allowing for a Cross-Site Scripting (XSS) attack when authorized users view post previews. This could enable a remote attacker to compromise data integrity. **Recommendations** For versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to post previews for authenticated users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft browsers on Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 **Description** A security feature bypass issue exists due to improper handling of redirect requests by Microsoft browsers. This allows the browsers to bypass CORS redirect restrictions and follow redirect requests that should otherwise be ignored. An attacker who successfully exploits this could force the browser to send data to a destination web site of their choice. **Recommendations** For Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, update to a newer version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to 8.1 **Description** The issue is related to the Microsoft.XMLDOM ActiveX control, which does not properly detect recursion during entity expansion. This allows remote attackers to cause a denial of service by consuming memory and CPU via a crafted XML document containing a large number of nested entity references. **Recommendations** For versions prior to 8.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions prior to the fixed version Microsoft.XMLDOM ActiveX control in Microsoft Windows versions prior to 8.1 **Description** The issue allows attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes. This can be demonstrated by a res:// URL. The vulnerability could allow an attacker to detect anti-malware applications in use on a target and use the information to avoid detection. It has been exploited in the wild. **Recommendations** For Internet Explorer, update to a version that includes the fix for this issue. For Microsoft Windows 8.1 and earlier, update to a version that includes the fix for this issue or apply relevant security patches. As a temporary workaround, consider restricting access to the Microsoft.XMLDOM ActiveX control until a patch is available. Avoid using the `res://` URL in the affected API endpoint until the issue is resolved.