32
- شناسه CVE-2025-21176 :CVE
- CWE-126 :CWE
- yes :Advisory
- منتشر شده: ژانویه 14, 2025
- به روز شده: ژانویه 31, 2025
- امتیاز: 8.8
- نوع حمله: Unknown
- اثر گذاری: Remote code execution(RCE)
- حوزه: برنامه نویسی
- برند: Microsoft
- محصول: Visual Studio
- وضعیتPublished :CVE
- No :POC
- وضعیت آسیب پذیری: patch شده
چکیده
یک آسیبپذیری در Microsoft .NET، .NET Framework و Visual Studio شناسایی شده است. ایجاد تغییرات منجر به خواندن بیش از حد از بافر (buffer over-read) میشود. ممکن است حمله از راه دور انجام شود. توصیه میشود که پچ امنیتی برای رفع این مشکل اعمال شود.
توضیحات
طبق طبقهبندی CWE-126، محصول از بافر با استفاده از مکانیزمهای دسترسی به بافر مانند ایندکسها یا اشارهگرها(indexes or pointers) که به مکانهای حافظه پس از بافر هدف اشاره میکنند، خوانده میشود. این موضوع بر محرمانگی (Confidentiality)، یکپارچگی (Integrity) و دسترسپذیری (Availability) تأثیر میگذارد.
اکسپلویت آن نسبتاً آسان ارزیابی شده است و حمله میتواند از راه دور انجام شود. برای اکسپلویت موفق، نیازی به احراز هویت نیست اما موفقیت در اکسپلویت نیازمند تعامل کاربر وقربانی است. برای اکسپلویت این آسیبپذیری، مهاجم باید کاربر را متقاعد کند که یک فایل پکیج مخرب را در Visual Studio باز کند.
ابزار اسکن آسیبپذیری Nessus پلاگینی با شناسه 214126 برای شناسایی وجود این نقص امنیتی در محیط هدف دارد.
برای رفع این مشکل، بهروزرسانی به پچ جدید، آسیبپذیری را برطرف میکند.
CVSS
| Score | Severity | Version | Vector String |
| 8.8 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
لیست محصولات آسیب پذیر
| Versions | Platforms | Product |
| affected from 15.9.0 before 15.9.69 | Unknown | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) |
| affected from 16.11.0 before 16.11.43 | Unknown | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) |
| affected from 17.6.0 before 17.6.22 | Unknown | Microsoft Visual Studio 2022 version 17.6 |
| affected from 17.8.0 before 17.8.17 | Unknown | Microsoft Visual Studio 2022 version 17.8 |
| affected from 17.10 before 17.10.10 | Unknown | Microsoft Visual Studio 2022 version 17.10 |
| affected from 17.0 before 17.12.4 | Unknown
|
Microsoft Visual Studio 2022 version 17.12 |
| affected from 8.0.0 before 8.0.12 | Unknown | .NET 8.0 |
| affected from 9.0.0 before 9.0.1 | Unknown | .NET 9.0 |
| affected from 4.8.1 before 4.8.1.09294.01 | Windows 11 Version 24H2 for ARM64-based Systems, Windows 11 Version 24H2 for x64-based Systems, Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 11 Version 23H2 for ARM64-based Systems, Windows 11 Version 23H2 for x64-based Systems, Windows Server 2022, 23H2 Edition (Server Core installation)
|
Microsoft .NET Framework 3.5 AND 4.8.1 |
| affected from 4.8.0 before 4.8.04775.01 | Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
|
Microsoft .NET Framework 4.8 |
| affected from 4.8.0 before 4.8.04775.01 | Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems
|
Microsoft .NET Framework 3.5 AND 4.8 |
| affected from 4.7.0 before 4.7.04126.01 | Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation)
|
Microsoft .NET Framework 3.5 AND 4.7.2 |
| affected from 3.0.0.0 before 10.0.14393.7699 | Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 |
| affected from 4.7.0 before 4.7.04126.01 | Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 |
| affected from 4.7.0 before 4.7.04126.01 | Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Microsoft .NET Framework 4.6.2 |
| affected from 10.0.0.0 before 10.0.10240.20890 | Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems | Microsoft .NET Framework 4.6/4.6.2 |
لیست محصولات بروز شده
| Product | Platform | Impact | Max Severity | Build Number |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Remote Code Execution | Important | 15.9.69 | |
| Microsoft .NET Framework 4.6/4.6.2 | Windows 10 for x64-based Systems | Remote Code Execution | Important | 10.0.10240.20890 |
| Microsoft .NET Framework 4.6/4.6.2 | Windows 10 for 32-bit Systems | Remote Code Execution | Important | 10.0.10240.20890 |
| Microsoft .NET Framework 4.6.2 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.02 |
| Microsoft .NET Framework 4.6.2 | Windows Server 2008 for x64-based Systems Service Pack 2 | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2 | Windows Server 2008 for x64-based Systems Service Pack 2 | Remote Code Execution | Important | 4.7.04126.02 |
| Microsoft .NET Framework 4.6.2 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.02 |
| Microsoft .NET Framework 4.6.2 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Remote Code Execution | Important | 4.7.04126.02 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows Server 2022, 23H2 Edition (Server Core installation) | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 11 Version 23H2 for x64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 11 Version 23H2 for ARM64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 10 Version 22H2 for 32-bit Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 10 Version 22H2 for ARM64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 10 Version 22H2 for x64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 11 Version 22H2 for x64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 11 Version 22H2 for ARM64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 10 Version 21H2 for ARM64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 10 Version 21H2 for 32-bit Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows Server 2022 (Server Core installation) | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows Server 2022 | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2012 R2 | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2012 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2012 | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.02 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 4.7.04126.02 |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 | Windows 10 Version 1607 for x64-based Systems | Remote Code Execution | Important | 10.0.14393.7699 |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 | Windows 10 Version 1607 for 32-bit Systems | Remote Code Execution | Important | 10.0.14393.7699 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Windows Server 2016 (Server Core installation) | Remote Code Execution | Important | 10.0.14393.7699 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Windows Server 2016 | Remote Code Execution | Important | 10.0.14393.7699 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Windows Server 2019 (Server Core installation) | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Windows Server 2019 | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Windows 10 Version 1809 for x64-based Systems | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Windows 10 Version 1809 for 32-bit Systems | Remote Code Execution | Important | 4.7.04126.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 22H2 for 32-bit Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 22H2 for ARM64-based Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 22H2 for x64-based Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 21H2 for ARM64-based Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 21H2 for 32-bit Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows Server 2022 (Server Core installation) | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows Server 2022 | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows Server 2019 (Server Core installation) | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows Server 2019 | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 1809 for x64-based Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 1809 for 32-bit Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows Server 2012 R2 | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows Server 2012 (Server Core installation) | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows Server 2012 | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 4.8.04775.02 |
| Microsoft .NET Framework 4.8 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 4.8.04775.02 |
| Microsoft .NET Framework 4.8 | Windows Server 2016 (Server Core installation) | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows Server 2016 | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows 10 Version 1607 for x64-based Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 4.8 | Windows 10 Version 1607 for 32-bit Systems | Remote Code Execution | Important | 4.8.04775.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 11 Version 24H2 for x64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 11 Version 24H2 for ARM64-based Systems | Remote Code Execution | Important | 4.8.1.09294.01 |
| .NET 9.0 installed on Windows | Remote Code Execution | Important | 9.0.1 | |
| .NET 9.0 installed on Mac OS | Remote Code Execution | Important | 9.0.1 | |
| .NET 9.0 installed on Linux | Remote Code Execution | Important | 9.0.1 | |
| .NET 8.0 installed on Mac OS | Remote Code Execution | Important | 8.0.12 | |
| .NET 8.0 installed on Linux | Remote Code Execution | Important | 8.0.12 | |
| .NET 8.0 installed on Windows | Remote Code Execution | Important | 8.0.12 | |
| Microsoft Visual Studio 2022 version 17.12 | Remote Code Execution | Important | 17.12.4 | |
| Microsoft Visual Studio 2022 version 17.10 | Remote Code Execution | Important | 17.10.10 | |
| Microsoft Visual Studio 2022 version 17.8 | Remote Code Execution | Important | 17.8.17 | |
| Microsoft Visual Studio 2022 version 17.6 | Remote Code Execution | Important | 17.6.22 | |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Remote Code Execution | Important | 16.11.43 |
نتیجه گیری
برای جلوگیری از نفوذ، بهتر است از موارد بروزرسانی شده استفاده کنید.
منابع
- https://www.cve.org/CVERecord?id=CVE-2025-21176
- https://www.cvedetails.com/cve/CVE-2025-21176/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176
- https://vulmon.com/vulnerabilitydetails?qid=CVE-2025-21176
- https://vuldb.com/?id.291660
- https://nvd.nist.gov/vuln/detail/cve-2025-21176
- https://cwe.mitre.org/data/definitions/126.html
