Title

Microsoft .NET Framework Privilege Escalation Vulnerability (Cat I impact)

Discussion

Microsoft has released a security bulletin addressing a privilege escalation vulnerability in .NET Framework. The Microsoft .NET Framework is a component of the Microsoft Windows operating system that enables building and running software applications and Web services. To exploit this vulnerability, an attacker would host a webpage with malicious XAML Browser Applications (XBAPs) and entice a user to view the page or use .NET Framework applications to bypass Code Access Security (CAS) restrictions. If successfully exploited, this vulnerability would allow an attacker to escalate privileges and compromise the affected systems.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-36822

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.