CVE-2018-8260

Name of the Vulnerable Software and Affected Versions .NET Framework versions 4.7.2

Description A Remote Code Execution issue exists in .NET software due to its failure to check the source markup of a file. This allows an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. The exploitation requires a user to open a specially crafted file with an affected version of .NET.

Recommendations For .NET Framework version 4.7.2, update to a version that includes the fix for this issue to prevent exploitation.