Applies to:
Microsoft .NET Framework 3.0 SP2 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6
Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.
View products that this article applies to.
Applies to:
Microsoft .NET Framework 3.0 SP2 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An Authentication Bypass vulnerability exists in WCF and WIF, allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability allows an attacker to impersonate another user. The vulnerability exists in WCF, WIF 3.5 and above in .NET Framework, WIF 1.0 component in Windows, WIF Nuget package, and WIF implementation in Sharepoint. An information disclosure vulnerability exists when Exchange and Azure Active Directory allow creation of entities with Display Names having non-printable characters.
To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).
Important
Keywords: kbsurveynew, kbsecvulnerability, kbsecurity, kbsecreview, kbsecbulletin, kbmustloc, kblangall, kbbug, kbexpertiseinter, kb, atdownload, kbSupportTopic, kbContentAuto, Vulnerabilities/exploits/security bulletins, kbfix