Short Name |
HTTP:MICROSOFT-WSDL-RCE |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft .NET Framework WSDL Remote Code Execution |
Release Date |
2017/09/28 |
Update Number |
2994 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Microsoft .NET Framework. The vulnerability is due to improper processing of untrusted input while parsing WSDL files. A remote attacker could exploit this vulnerability by convincing a target user to open a malicious document or application. Successful exploitation of this vulnerability could allow the attacker execute arbitrary code under the security context of the target user.
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."