.NET DLL Hijacking RCE Vulnerability
CVE-2023-28260 Published on April 11, 2023
.NET DLL Hijacking Remote Code Execution Vulnerability
.NET DLL Hijacking Remote Code Execution Vulnerability
Products Associated with CVE-2023-28260
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft .NET 6.0:- Version 6.0.0 and below 6.0.16 is affected.
- Version 7.0.0 and below 7.0.5 is affected.
- Version 17.5.0 and below 17.5.4 is affected.
- Version 17.4.0 and below 17.4.7 is affected.
- Version 17.2.0 and below 17.2.15 is affected.
- Version 17.0.0 and below 17.0.21 is affected.
- Version 7.3.0 and below 7.3.4 is affected.
- Version 7.2.0 and below 7.2.11 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2023-28260
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| nuget | Microsoft.NetCore.App.Runtime.win-arm | >= 7.0.0, <= 7.0.4 | 7.0.5 |
| nuget | Microsoft.NetCore.App.Runtime.win-arm | >= 6.0.0, <= 6.0.15 | 6.0.16 |
| nuget | Microsoft.NetCore.App.Runtime.win-arm64 | >= 7.0.0, <= 7.0.4 | 7.0.5 |
| nuget | Microsoft.NetCore.App.Runtime.win-arm64 | >= 6.0.0, <= 6.0.15 | 6.0.16 |
| nuget | Microsoft.NetCore.App.Runtime.win-x86 | >= 7.0.0, <= 7.0.4 | 7.0.5 |
| nuget | Microsoft.NetCore.App.Runtime.win-x86 | >= 6.0.0, <= 6.0.15 | 6.0.16 |
| nuget | Microsoft.NetCore.App.Runtime.win-x64 | >= 6.0.0, <= 6.0.15 | 6.0.16 |
| nuget | Microsoft.NetCore.App.Runtime.win-x64 | >= 7.0.0, <= 7.0.4 | 7.0.5 |
Exploit Probability
EPSS
2.00%
Percentile
83.44%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.