PT-2016-1230 · Microsoft · .Net Framework

Published: 2016-02-09 · Updated: 2018-10-12 · CVE-2016-0047

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 2.0 SP2 through 4.6.1

Description

The issue is related to the improper handling of icon data by Windows Forms (WinForms) in Microsoft .NET Framework, allowing remote attackers to obtain sensitive information from process memory. This is due to the lack of protection for internal data. An attacker could exploit this by sending specially crafted icon data to a .NET service, which could capture information and return it to the attacker within the icon's data.

Recommendations

For Microsoft .NET Framework versions 2.0 SP2 through 4.6.1, consider restricting the handling of icon data in Windows Forms until a patch is available. As a temporary workaround, avoid using crafted icon data in .NET services to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2016-00491
CVE-2016-0047

Affected Products

.Net Framework