CVE-2015-1672

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2 through 4.5.2

Description A denial of service issue exists in Microsoft .NET Framework, allowing an unauthenticated attacker to degrade the performance of a .NET-enabled website and disrupt the availability of applications. This occurs when Microsoft .NET Framework attempts to decrypt certain specially crafted XML data, leading to recursion and performance degradation.

Recommendations For Microsoft .NET Framework versions 2.0 SP2 through 4.5.2, consider restricting the processing of encrypted XML data to minimize the risk of exploitation. As a temporary workaround, limit the recursion depth when decrypting XML data to prevent performance degradation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.