CVE-2016-0132

CRITICAL

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1 - XML Signature Spoofing via Modified Document

Title source: llm
STIX 2.1

Description

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84075
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035213

Scores

CVSS v3 9.8
EPSS 0.2198
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (7)
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.5.2
microsoft/.net_framework 4.6
microsoft/.net_framework 4.6.1
Published Mar 09, 2016
Tracked Since Feb 18, 2026