1. Home
  2. CVE Database
  3. CVE-2018-8540
CRITICAL · 9.8

CVE-2018-8540

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET F...

Vulnerability Description

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Microsoft.Net Framework3.5
MicrosoftWindows 10-
MicrosoftWindows 8.1-
MicrosoftWindows Server 2012-
MicrosoftWindows Server 2016-
MicrosoftWindows Server 2019-
MicrosoftWindows Server 2008-
MicrosoftWindows 7-
MicrosoftWindows Rt 8.1-

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2018-8540?

CVE-2018-8540 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET F...

How severe is CVE-2018-8540?

CVE-2018-8540 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-8540?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows 10, Microsoft Windows 8.1, Microsoft Windows Server 2012, Microsoft Windows Server 2016.