Software Detail

Software Informaton Top

Framework

Software Detail

.NET Framework

Number Of NVD

174

CRITICAL

HIGH

124

MEDIUM

LOW

URL	https://dotnet.microsoft.com/
Explanation	NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/]
Tag	C# VB.NET

Add Information URL

No	Type	Name	URL
1			https://dotnet.microsoft.com/download/dotnet-framework
2			https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
3			https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Initial release	Normal Support	Critical	High	Medium	Low
151	.NET Framework 6.7	6.7.2	Nov. 8, 2021	Nov. 12, 2024	0	0	0	0
152	.NET Framework 4.8	4.8.1	April 18, 2019		3	34	7	1
153	.NET Framework 4.7	4.7.2	April 5, 2017		5	50	9	1
154	.NET Framework 4.6	4.6.2	July 20, 2015		6	64	14	1
155	.NET Framework 4.5	4.5.2	Aug. 15, 2012	Jan. 12, 2016	4	61	18	1
156	.NET Framework 4.0		April 12, 2010	Jan. 12, 2016	0	44	13	1
157	.NET Framework 3.5 SP1		Aug. 11, 2008	Oct. 10, 2028	6	98	25	3
158	.NET Framework 3.5		Nov. 19, 2007	July 12, 2011	6	98	25	3
159	.NET Framework 3.0		Nov. 6, 2006	July 12, 2011	5	51	9	1
160	.NET Framework 2.0		Oct. 27, 2005	July 12, 2011	4	89	25	3
161	.NET Framework 1.1		April 9, 2003	Oct. 8, 2013	0	27	10	1
162	.NET Framework 1.0		Jan. 15, 2002	July 14, 2009	0	18	8	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
151	- 9.3	HIGH	GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 20…	CWE-94 Code Injection	CVE-2009-2503	cpe:2.3:a:microsoft:.net_framework:2.0:sp2 cpe:2.3:a:microsoft:.net_framework:2.0:sp1 cpe:2.3:a:microsoft:.net_fr…	2026-04-23 09:35 2009-10-14	Show	GitHub Exploit DB Packet Storm

152	8.1 9.3	HIGH Network	Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2…	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2009-2502	cpe:2.3:a:microsoft:.net_framework:2.0:sp2 cpe:2.3:a:microsoft:.net_framework:2.0:sp1 cpe:2.3:a:microsoft:.net_fr…	2026-04-23 09:35 2009-10-14	Show	GitHub Exploit DB Packet Storm

153	- 9.3	HIGH	Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Vis…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2009-2501	cpe:2.3:a:microsoft:.net_framework:2.0:sp2 cpe:2.3:a:microsoft:.net_framework:2.0:sp1 cpe:2.3:a:microsoft:.net_fr…	2026-04-23 09:35 2009-10-14	Show	GitHub Exploit DB Packet Storm

154	- 9.3	HIGH	Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP…	CWE-189 Numeric Errors	CVE-2009-2500	cpe:2.3:a:microsoft:.net_framework:2.0:sp2 cpe:2.3:a:microsoft:.net_framework:2.0:sp1 cpe:2.3:a:microsoft:.net_fr…	2026-04-23 09:35 2009-10-14	Show	GitHub Exploit DB Packet Storm

155	- 9.3	HIGH	The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute…	CWE-94 Code Injection	CVE-2009-2497	cpe:2.3:a:microsoft:.net_framework:3.5:sp1 cpe:2.3:a:microsoft:.net_framework:3.5:sp1 cpe:2.3:a:microsoft:.net_fr…	2026-04-23 09:35 2009-10-14	Show	GitHub Exploit DB Packet Storm

156	- 9.3	HIGH	Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a …	CWE-94 Code Injection	CVE-2009-0091	cpe:2.3:a:microsoft:.net_framework:3.5:sp1 cpe:2.3:a:microsoft:.net_framework:3.5:sp1 cpe:2.3:a:microsoft:.net_fr…	2026-04-23 09:35 2009-10-14	Show	GitHub Exploit DB Packet Storm

157	- 9.3	HIGH	Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrar…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2009-0090	cpe:2.3:a:microsoft:.net_framework:3.5:sp1 cpe:2.3:a:microsoft:.net_framework:3.5:sp1 cpe:2.3:a:microsoft:.net_fr…	2026-04-23 09:35 2009-10-14	Show	GitHub Exploit DB Packet Storm

158	- 2.6	LOW	ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attacker…	CWE-20 Improper Input Validation	CVE-2009-1536	cpe:2.3:a:microsoft:.net_framework:3.5:sp1 cpe:2.3:a:microsoft:.net_framework:3.5:* cpe:2.3:a:microsoft:.net_fram…	2026-04-23 09:35 2009-08-13	Show	GitHub Exploit DB Packet Storm

159	- 10.0	HIGH	The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of t…	CWE-310 Cryptographic Issues	CVE-2008-5100	cpe:2.3:a:microsoft:.net_framework:2.0.50727:*	2026-04-23 09:35 2008-11-18	Show	GitHub Exploit DB Packet Storm

160	- 4.3	MEDIUM	Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers …	CWE-79 Cross-site Scripting	CVE-2008-3842	cpe:2.3:a:microsoft:.net_framework:2.0:* cpe:2.3:a:microsoft:.net_framework:1.1:sp1 cpe:2.3:a:microsoft:.net_fram…	2026-04-23 09:35 2008-08-28	Show	GitHub Exploit DB Packet Storm