CVE-2016-0033

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1

Description The issue arises from the lack of restrictions on recursive compilation of XSLT transforms, allowing remote attackers to cause a denial of service (performance degradation) via crafted XSLT data. This can lead to significant server performance degradation, resulting in a denial of service condition.

Recommendations For Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1, consider restricting the handling of certain Extensible Stylesheet Language Transformations (XSLT) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.