Description
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textremotewindows
https://www.exploit-db.com/exploits/41903
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97447
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/41903/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038236
Scores
CVSS v3
7.8
EPSS
0.1301
EPSS Percentile
94.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (9)
microsoft/.net_framework
2.0 sp2
microsoft/.net_framework
3.5
microsoft/.net_framework
3.5.1
microsoft/.net_framework
4.5.2
microsoft/.net_framework
4.6
microsoft/.net_framework
4.6.1
microsoft/.net_framework
4.6.2
microsoft/.net_framework
4.7
Microsoft Corporation/.NET Framework
.NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7
Published
Apr 12, 2017
Tracked Since
Feb 18, 2026