CVE-2016-3255

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1

Description The issue is related to the improper parsing of XML input containing a reference to an external entity, allowing an attacker to read arbitrary files via an XML external entity declaration. This can be exploited by a remote attacker using XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1, consider restricting the use of XML external entities to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using XML input containing external entity declarations in conjunction with entity references. Restrict access to sensitive files that could be read through this issue to minimize the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.