PT-2015-5416 · Microsoft · Windows Forms+1
Published
2015-05-12
·
Updated
2018-10-12
·
CVE-2015-1673
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft .NET Framework versions 1.1 SP1 through 4.5.2
Description
The issue is caused by the improper handling of objects in memory by the Windows Forms (WinForms) libraries in Microsoft .NET Framework. This allows an attacker to potentially take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.
Recommendations
For Microsoft .NET Framework versions 1.1 SP1 through 4.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
.Net Framework
Windows Forms