Very Low
.NET Partial-Trust bypass via browser command-line injection in System.Windows.Forms.Help
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Very Low
(1 user assessed)High
(1 user assessed)Unknown
Unknown
Unknown
.NET Partial-Trust bypass via browser command-line injection in System.Windows.Forms.Help
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without “UnmanagedCode” permission to nevertheless directly control arguments passed to a “ShellExecute” invocation of the users’ default browser. This vulnerability allows an attacker who is able to run arbitrary .NET code within a .NET PartialTrust sandbox including the “WebPermission” permission for any URL to inject arbitrary parameters after the first parameter into the command line of the users’ default browser.
Add Assessment
Ratings
-
Attacker ValueVery Low
-
ExploitabilityHigh
Technical Analysis
Documentation updated to discuss security risk, MS does not consider this a privilege boundary.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportGeneral Information
References
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: