Details of VAR-202212-1469

ID

VAR-202212-1469

CVE

CVE-2022-41089

TITLE

plural Microsoft Remote code execution vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2022-002812

DESCRIPTION

.NET Framework Remote Code Execution Vulnerability. Microsoft .NET Framework是美国微软（Microsoft）公司的一种全面且一致的编程模型，也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。该平台包括C＃和Visual Basic编程语言、公共语言运行库和广泛的类库

Trust: 2.16

sources: NVD: CVE-2022-41089 // JVNDB: JVNDB-2022-002812 // CNNVD: CNNVD-202212-2976

AFFECTED PRODUCTS

vendor:	microsoft	model:	.net framework	scope:	eq	version:	3.0	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	2.0	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	4.6	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	4.7	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	4.7.2	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	3.5	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	4.6.2	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	4.7.1	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	4.8.1	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	4.8	Trust: 1.0
vendor:	microsoft	model:	.net framework	scope:	eq	version:	4.6.1	Trust: 1.0
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	eq	version:	2022 17.0	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	eq	version:	2019 16.11 (includes 16.0 - 16.10)	Trust: 0.8
vendor:	マイクロソフト	model:	.net core	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	.net	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	eq	version:	2022 17.4	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	eq	version:	2022 17.2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft .net framework	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-002812 // NVD: CVE-2022-41089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-41089
value:	HIGH
Trust: 1.0
secure@microsoft.com:	CVE-2022-41089
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-002812
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-2976
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-41089
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-002812
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-002812 // CNNVD: CNNVD-202212-2976 // NVD: CVE-2022-41089 // NVD: CVE-2022-41089

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002812 // NVD: CVE-2022-41089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2976

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2976

PATCH

title:	.NET Framework Remote Code Execution Vulnerability Security Update Guide	url:	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41089	Trust: 0.8
title:	Microsoft .NET Framework Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=217209	Trust: 0.6

sources: JVNDB: JVNDB-2022-002812 // CNNVD: CNNVD-202212-2976

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41089	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-002812	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-2976	Trust: 0.6

sources: JVNDB: JVNDB-2022-002812 // CNNVD: CNNVD-202212-2976 // NVD: CVE-2022-41089

REFERENCES

url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-41089	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-41089	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20221214-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2022/at220034.html	Trust: 0.8
url:	https://vigilance.fr/vulnerability/microsoft-net-visual-studio-code-execution-40100	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-41089/	Trust: 0.6
url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-41089	Trust: 0.6

sources: JVNDB: JVNDB-2022-002812 // CNNVD: CNNVD-202212-2976 // NVD: CVE-2022-41089

CREDITS

Nick Landers</a> with NetSPI,Eleftherios Panos</a> with Nettitude</a>

Trust: 0.6

sources: CNNVD: CNNVD-202212-2976

SOURCES

db:	JVNDB	id:	JVNDB-2022-002812
db:	CNNVD	id:	CNNVD-202212-2976
db:	NVD	id:	CVE-2022-41089

LAST UPDATE DATE

2024-08-14T13:42:13.989000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-002812	date:	2022-12-20T07:31:00
db:	CNNVD	id:	CNNVD-202212-2976	date:	2022-12-16T00:00:00
db:	NVD	id:	CVE-2022-41089	date:	2023-11-17T17:39:58.597

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-002812	date:	2022-12-20T00:00:00
db:	CNNVD	id:	CNNVD-202212-2976	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-41089	date:	2022-12-13T19:15:12.090