CVE-2018-8540: Code Injection
First published: Wed Dec 12 2018(Updated: )
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft .NET Framework | =3.5 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1703 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows Server 2012 | ||
| Microsoft Windows Server 2012 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1709 | |
| Microsoft Windows Server 2016 | =1803 | |
| Microsoft Windows Server 2019 | ||
| Microsoft .NET Framework | =3.5-sp1 | |
| Microsoft Windows Server 2008 | =sp2 | |
| Microsoft .NET Framework | =3.5.1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server 2008 | =r2-sp1 | |
| Microsoft .NET Framework | =4.5.2 | |
| Microsoft Windows RT 8.1 | ||
| Microsoft .NET Framework | =4.6.2 | |
| Microsoft .NET Framework | =4.6 | |
| Microsoft .NET Framework | =4.6.1 | |
| Microsoft .NET Framework | =4.7 | |
| Microsoft .NET Framework | =4.7.1 | |
| Microsoft .NET Framework | =4.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8540?
CVE-2018-8540 is a remote code execution vulnerability in the Microsoft .NET Framework.
What is the severity of CVE-2018-8540?
The severity of CVE-2018-8540 is critical with a CVSS score of 9.8.
Which versions of Microsoft .NET Framework are affected by CVE-2018-8540?
Microsoft .NET Framework versions 4.6, 3.5, 4.7, 4.7.1, and 4.7.2 are affected by CVE-2018-8540.
How does CVE-2018-8540 affect Microsoft Windows 10?
CVE-2018-8540 does not affect Microsoft Windows 10.
Where can I find more information about CVE-2018-8540?
You can find more information about CVE-2018-8540 on the SecurityFocus and Microsoft Security Response Center websites.
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft .net framework
- version/microsoft .net framework/3.5
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1703
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- canonical/microsoft windows 8.1
- canonical/microsoft windows server 2012
- version/microsoft windows server 2012/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1709
- version/microsoft windows server 2016/1803
- canonical/microsoft windows server 2019
- version/microsoft .net framework/3.5-sp1
- canonical/microsoft windows server 2008
- version/microsoft windows server 2008/sp2
- version/microsoft .net framework/3.5.1
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- version/microsoft windows server 2008/r2-sp1
- version/microsoft .net framework/4.5.2
- canonical/microsoft windows rt 8.1
- version/microsoft .net framework/4.6.2
- version/microsoft .net framework/4.6
- version/microsoft .net framework/4.6.1
- version/microsoft .net framework/4.7
- version/microsoft .net framework/4.7.1
- version/microsoft .net framework/4.7.2