
====================================================================

                                   CERT-Renater

                        Note d'Information No. 2016/VULN162
_____________________________________________________________________

DATE                : 13/04/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running .NET Framework.

======================================================================
KB3148789
https://technet.microsoft.com/en-us/library/security/MS16-041
_____________________________________________________________________

Microsoft Security Bulletin MS16-041: Security Update for .NET
Framework (3148789)

Document Metadata

Bulletin Number: MS16-041

Bulletin Title: Security Update for .NET Framework

Severity: Important

KB Article: 3148789

Version: 1.0


Executive Summary

This security update resolves a vulnerability in Microsoft .NET
Framework. The vulnerability could allow remote code execution if an
attacker with access to the local system executes a malicious
application.

This security update is rated Important for Microsoft .NET Framework
4.6 and Microsoft .NET Framework 4.6.1 on affected releases of
Microsoft Windows.


Affected Software

Microsoft .NET Framework 4.6

Microsoft .NET Framework 4.6.1


Vulnerability Information

.NET Framework Remote Code Execution Vulnerability - CVE-2016-0148

A remote code execution vulnerability exists when Microsoft .NET
Framework fails to properly validate input before loading libraries. An
attacker who successfully exploited this vulnerability could take
control of an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users who operate with
administrative user rights.

To exploit the vulnerability, an attacker would first need to access
the local system with the ability to execute a malicious application.
The security update addresses the vulnerability by correcting how .NET
validates input on library load.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title   CVE number   Publicly disclosed   Exploited
.NET Framework Remote Code
Execution Vulnerability	  CVE-2016-0148    Yes		No

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================