CVE-2016-0132

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2 through 4.6.1

Description The issue is related to the mishandling of signature validation for certain elements of XML documents, allowing remote attackers to spoof signatures via a modified document. This can enable an attacker to modify the contents of an XML file without invalidating the signature associated with the file. If a .NET application relies on the signature to be non-malicious, the behavior of the application could become unpredictable.

Recommendations For Microsoft .NET Framework versions 2.0 SP2 through 4.6.1, consider restricting the use of XML documents with signed elements until a patch is available. As a temporary workaround, avoid relying on the signature validation of XML documents in .NET applications to prevent potential exploitation.