First published: Wed Jul 11 2018(Updated: )
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft .NET Framework 4 | =2.0-sp2 | |
Microsoft .NET Framework 4 | =3.0-sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft .NET Framework 4 | =3.5 | |
Windows 10 | ||
Windows 10 | =1607 | |
Windows 10 | =1703 | |
Windows 10 | =1709 | |
Windows 10 | =1803 | |
Microsoft Windows | ||
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft .NET Framework 4 | =3.5.1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft .NET Framework 4 | =4.5.2 | |
Microsoft Windows RT | ||
Microsoft Windows Server | =sp2 | |
Microsoft .NET Framework 4 | =4.6 | |
Microsoft .NET Framework 4 | =4.6.2 | |
Microsoft .NET Framework 4 | =4.7 | |
Microsoft .NET Framework 4 | =4.7.1 | |
Microsoft .NET Framework 4 | =4.7.2 | |
Microsoft Windows Server 2016 | ||
Microsoft .NET Framework 4 | =4.6.1 | |
Microsoft Windows Server | =1709 | |
Microsoft Windows Server | =1803 | |
Microsoft Project Server | =2010-sp2 | |
Microsoft Project Server | =2013-sp1 | |
Microsoft SharePoint Enterprise Server 2016 | =2013-sp1 | |
Microsoft SharePoint Enterprise Server 2016 | =2016 | |
Microsoft SharePoint Foundation 2013 | =2010-sp2 | |
Microsoft SharePoint Foundation 2013 | =2013-sp1 | |
Microsoft SharePoint Server 2010 | =2010-sp2 | |
Microsoft SharePoint Server 2010 | =2013-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8284 is rated as critical because it allows remote code execution.
To fix CVE-2018-8284, it is recommended to apply the latest security updates provided by Microsoft for the affected versions of the .NET Framework.
CVE-2018-8284 affects Microsoft .NET Framework versions 2.0, 3.0, 3.5, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2.
A remote code execution vulnerability like CVE-2018-8284 allows attackers to execute arbitrary code on a target system without physical access.
There are no known workarounds for CVE-2018-8284; applying the security updates from Microsoft is essential to mitigate this vulnerability.