CVE-2024-29059
Microsoft .NET Framework Information Disclosure Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
.NET Framework Information Disclosure Vulnerability
Vulnerabilidad de divulgación de información de .NET Framework
Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-03-14 CVE Reserved
- 2024-03-22 CVE Published
- 2024-03-25 First Exploit
- 2025-02-04 Exploited in Wild
- 2025-02-25 KEV Due Date
- 2025-05-03 CVE Updated
- 2025-07-04 EPSS Updated
CWE
- CWE-209: Generation of Error Message Containing Sensitive Information
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/codewhitesec/HttpRemotingObjRefLeak | 2024-03-25 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 | 2024-04-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 4.8 Search vendor "Microsoft" for product "Microsoft .NET Framework 4.8" | >= 4.8.0.0 < 4.8.04690.02 Search vendor "Microsoft" for product "Microsoft .NET Framework 4.8" and version " >= 4.8.0.0 < 4.8.04690.02" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 3.5 AND 4.8 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5 AND 4.8" | >= 4.8.0.0 < 4.8.04690.02 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5 AND 4.8" and version " >= 4.8.0.0 < 4.8.04690.02" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 3.5 AND 4.7.2 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5 AND 4.7.2" | >= 4.7.0.0 < 4.7.04081.03 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5 AND 4.7.2" and version " >= 4.7.0.0 < 4.7.04081.03" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Search vendor "Microsoft" for product "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2" | >= 4.7.0.0 < 4.7.04081.03 Search vendor "Microsoft" for product "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2" and version " >= 4.7.0.0 < 4.7.04081.03" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 3.5 AND 4.8.1 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5 AND 4.8.1" | >= 4.8.1.0 < 4.8.09214.01 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5 AND 4.8.1" and version " >= 4.8.1.0 < 4.8.09214.01" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 4.6.2 Search vendor "Microsoft" for product "Microsoft .NET Framework 4.6.2" | >= 4.7.0.0 < 4.7.04081.03 Search vendor "Microsoft" for product "Microsoft .NET Framework 4.6.2" and version " >= 4.7.0.0 < 4.7.04081.03" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 3.5 AND 4.6/4.6.2 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5 AND 4.6/4.6.2" | >= 10.0.0.0 < 10.0.10240.20402 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5 AND 4.6/4.6.2" and version " >= 10.0.0.0 < 10.0.10240.20402" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 2.0 Service Pack 2 Search vendor "Microsoft" for product "Microsoft .NET Framework 2.0 Service Pack 2" | >= 2.0.0.0 < 3.0.50727.8976 Search vendor "Microsoft" for product "Microsoft .NET Framework 2.0 Service Pack 2" and version " >= 2.0.0.0 < 3.0.50727.8976" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 3.0 Service Pack 2 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.0 Service Pack 2" | >= 3.0.0.0 < 3.0.50727.8976 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.0 Service Pack 2" and version " >= 3.0.0.0 < 3.0.50727.8976" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 3.5 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5" | >= 3.0.50727.8976 < 3.5.0.0 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5" and version " >= 3.0.50727.8976 < 3.5.0.0" | en |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Microsoft .NET Framework 3.5.1 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5.1" | >= 3.0.30729.8959 < 3.5.0.0 Search vendor "Microsoft" for product "Microsoft .NET Framework 3.5.1" and version " >= 3.0.30729.8959 < 3.5.0.0" | en |
Affected
| ||||||