Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Lifecycle Timeline
2DescriptionCVE.org
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through heap-based buffer overflow exploitation requiring user interaction with a malicious file. Attackers without initial privileges can achieve high-level code execution and data access by convincing a user to open a specially crafted document or application. Microsoft has released patches across all affected .NET versions per MSRC advisory, indicating this is a vendor-confirmed issue requiring immediate remediation for systems where users process untrusted .NET content.
Technical ContextAI
This vulnerability affects the core .NET runtime across multiple framework versions including legacy .NET Framework 3.5-4.8.1, modern .NET 8.0-10.0, and Visual Studio 2017 development environments. The root cause is CWE-122 (heap-based buffer overflow), a memory corruption flaw where untrusted input causes the runtime to write beyond allocated heap boundaries during processing. Unlike stack overflows, heap corruption can be more complex to exploit but enables precise memory manipulation for privilege escalation. The widespread CPE coverage indicates the flaw resides in shared .NET runtime components used across framework versions, affecting both application execution and development tool environments where .NET assemblies are processed.
RemediationAI
Apply security updates from Microsoft Security Response Center immediately via Windows Update or manual download from https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177, ensuring patches match specific .NET Framework and runtime versions installed. For Visual Studio 2017 environments, update to the latest servicing release through Visual Studio Installer. Until patching is complete, implement application whitelisting (AppLocker/Windows Defender Application Control) to restrict .NET assembly execution to trusted publishers only, though this may impact developer workflows and legitimate business applications requiring policy exceptions. Educate users to avoid opening .NET executables, DLLs, or Visual Studio project files from untrusted sources including email attachments and unverified downloads. On high-risk systems, consider temporarily disabling .NET Framework versions not actively required by business applications, noting that many Windows components and third-party software have .NET dependencies that may break if disabled.
Infinite loop denial-of-service vulnerability in Microsoft .NET Framework (3.5 through 4.8.1), .NET 8.0, 9.0, and 10.0 a
Denial-of-service condition in Microsoft .NET Framework 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to ex
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service o
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully
Security feature bypass in Microsoft .NET (versions 8.0, 9.0, and 10.0) lets a remote, unauthenticated attacker circumve
Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) allows a remote, unauthenticated attacker to crash or
Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the legacy .NET Framework (3.5 through 4.8.1) allo
Denial of service in ASP.NET Core (the web framework shipped with .NET 8.0, 9.0, and 10.0) lets a remote, unauthenticate
Remote denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) allows an unauthenticated network attacker to c
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29572