CVE-2015-6096

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2 through 4.6

Description The issue is related to an XML External Entity (XXE) problem in the XML DTD parser, allowing remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference. This can enable an attacker to gain read access to local files on the target system by convincing a user to download and open a specially crafted application file. The vulnerability is associated with a lack of protection for service data.

Recommendations For Microsoft .NET Framework versions 2.0 SP2 through 4.6, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.