Vulnerability Details: Title: Microsoft .NET Framework mscorerei DLL Planting Remote Code Execution Vulnerability Identification: - ZDI-16-234 - ZDI-CAN-3578 - CVE-2016-0148 (CVSS Score: 7.5) Affected Vendors: Microsoft Affected Products: .NET Framework Description: - The vulnerability enables remote attackers to execute arbitrary code on vulnerable .NET Framework installations, requiring user interaction through a malicious webpage, directory, or device. - The issue stems from the handling of a specific named DLL, allowing the loading of arbitrary DLLs by attackers, leading to code execution in the process's context. Remediation: An update from Microsoft is available; further details at this link. Disclosure Timeline: - Reported to vendor on 2016-03-29 - Public advisory released on 2016-04-12 Researcher: rgod