Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
.NET Framework Number Of NVD 174 CRITICAL 6 HIGH 124 MEDIUM 41 LOW 3
URL https://dotnet.microsoft.com/
Explanation NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps

Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/]
Tag
  • C#
  • VB.NET
Add Information URL
No Type Name URL
1 https://dotnet.microsoft.com/download/dotnet-framework
2 https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
3 https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
121 .NET Framework 6.7 6.7.2 Nov. 8, 2021 Nov. 12, 2024 0 0 0 0
122 .NET Framework 4.8 4.8.1 April 18, 2019 3 34 7 1
123 .NET Framework 4.7 4.7.2 April 5, 2017 5 50 9 1
124 .NET Framework 4.6 4.6.2 July 20, 2015 6 64 14 1
125 .NET Framework 4.5 4.5.2 Aug. 15, 2012 Jan. 12, 2016 4 61 18 1
126 .NET Framework 4.0 April 12, 2010 Jan. 12, 2016 0 44 13 1
127 .NET Framework 3.5 SP1 Aug. 11, 2008 Oct. 10, 2028 6 98 25 3
128 .NET Framework 3.5 Nov. 19, 2007 July 12, 2011 6 98 25 3
129 .NET Framework 3.0 Nov. 6, 2006 July 12, 2011 5 51 9 1
130 .NET Framework 2.0 Oct. 27, 2005 July 12, 2011 4 89 25 3
131 .NET Framework 1.1 April 9, 2003 Oct. 8, 2013 0 27 10 1
132 .NET Framework 1.0 Jan. 15, 2002 July 14, 2009 0 18 8 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
121 -
9.3 		HIGH Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary… CWE-20
 Improper Input Validation  		CVE-2013-0004 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:46
2013-01-10 		Show GitHub Exploit DB Packet Storm
122 -
9.3 		HIGH Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary cod… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2013-0003 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:46
2013-01-10 		Show GitHub Exploit DB Packet Storm
123 -
9.3 		HIGH Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code … CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2013-0002 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:46
2013-01-10 		Show GitHub Exploit DB Packet Storm
124 -
4.3 		MEDIUM The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obta… CWE-200
Information Exposure 		CVE-2013-0001 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:46
2013-01-10 		Show GitHub Exploit DB Packet Storm
125 -
9.3 		HIGH The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary c… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-4777 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:* 		2024-11-21 10:43
2012-11-14 		Show GitHub Exploit DB Packet Storm
126 -
9.3 		HIGH The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy setting… CWE-20
 Improper Input Validation  		CVE-2012-4776 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:43
2012-11-14 		Show GitHub Exploit DB Packet Storm
127 -
7.9 		HIGH Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DL… NVD-CWE-Other
CVE-2012-2519 cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framework:3.5:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:39
2012-11-14 		Show GitHub Exploit DB Packet Storm
128 -
5.0 		MEDIUM Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted … CWE-200
Information Exposure 		CVE-2012-1896 cpe:2.3:a:microsoft:.net_framework:3.5.1:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2 		2024-11-21 10:37
2012-11-14 		Show GitHub Exploit DB Packet Storm
129 -
9.3 		HIGH The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-1895 cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 10:37
2012-11-14 		Show GitHub Exploit DB Packet Storm
130 -
9.3 		HIGH Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application… CWE-94
Code Injection 		CVE-2012-1855 cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 10:37
2012-06-13 		Show GitHub Exploit DB Packet Storm