SMB: Microsoft .NET Framework Mscoreei Insecure Library Load
This signature detects an attempt to exploit a known vulnerability against Microsoft .NET framework while loading certain library files. Successful exploitation could allow an attacker to run arbitrary commands which could lead to further attacks.
Extended Description
Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."
Affected Products
Microsoft .net_framework
References
CVE: CVE-2016-0148
URL: https://technet.microsoft.com/en-us/library/security/ms16-041 http://www.zerodayinitiative.com/advisories/zdi-16-234/ https://technet.microsoft.com/library/security/ms16-041 https://www.securify.nl/advisory/sfy20160201/_net_framework_4_6_allows_side_loading_of_windows_api_set_dll.html
Short Name
SMB:EXPLOIT:MSCOREDLL-LOAD
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
SMB
Keywords
.NET CVE-2016-0148 Framework Insecure Library Load Microsoft Mscoreei
Release Date
06/16/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3415
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.2