CVE-2016-0033

HIGH

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1 - Denial of Service via Recursive XSLT Compilation

Title source: llm
STIX 2.1

Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034983

Scores

CVSS v3 7.5
EPSS 0.1807
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-94
Status published
Products (6)
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.5.2
microsoft/.net_framework 4.6
microsoft/.net_framework 4.6.1
Published Feb 10, 2016
Tracked Since Feb 18, 2026