CVE-2016-0047

HIGH

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1 - Information Disclosure via Crafted Icon Data

Title source: llm
STIX 2.1

Description

WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034983

Scores

CVSS v3 7.5
EPSS 0.2057
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (6)
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.5.2
microsoft/.net_framework 4.6
microsoft/.net_framework 4.6.1
Published Feb 10, 2016
Tracked Since Feb 18, 2026