PT-2018-1881 · Microsoft · .Net Framework

Peter Stöckli · Published 2018-11-12 · Updated 2020-09-28 · CVE-2018-8540

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 3.5 through 4.7.2
Microsoft .NET Framework versions 4.5.2 through 4.7.2
Microsoft .NET Framework version 4.6
Microsoft .NET Framework version 4.6.1
Microsoft .NET Framework version 4.6.2
Microsoft .NET Framework version 3.5.1

However, to consolidate the ranges of affected versions into the most concise form and avoid redundant or overlapping statements, the above list can be simplified to:

Microsoft .NET Framework versions 3.5 through 4.7.2
Microsoft .NET Framework version 4.5.2

Description

A remote code execution issue exists due to improper input validation. This could allow a remote attacker to execute arbitrary code using specially crafted input data. Successful exploitation could enable an attacker to take control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system might be less impacted than those operating with administrative user rights.

Recommendations

For Microsoft .NET Framework versions 3.5 through 4.7.2, update to a version that properly validates input to prevent remote code execution.
For Microsoft .NET Framework version 4.5.2, update to a version that properly validates input to prevent remote code execution.
As a temporary workaround, consider restricting input validation to minimize the risk of exploitation until a patch is available.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2018-01483
CVE-2018-8540

Affected Products

.Net Framework