Vulnerability Name: | CVE-2016-0047 (CCN-110176) | ||||||||||||
Assigned: | 2015-12-04 | ||||||||||||
Published: | 2016-02-09 | ||||||||||||
Updated: | 2018-10-12 | ||||||||||||
Summary: | WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability." | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-200 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-0047 Source: CCN Type: Microsoft Security Bulletin MS16-019 Security Update for .NET Framework to Address Denial of Service (3137893) Source: SECTRACK Type: UNKNOWN 1034983 Source: MS Type: UNKNOWN MS16-019 Source: XF Type: UNKNOWN ms-dotnet-cve20160047-info-disc(110176) | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |