all InfoSec news
CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability
Zero Day Initiative - Blog www.zerodayinitiative.com
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Yazhi Wang of the Trend Micro Research Team detail a recently patched privilege escalation vulnerability in .NET Framework and Visual Studio. This bug was originally discovered by Piotr Bazydło of Trend Micro’s Zero Day Initiative (ZDI). Successful exploitation of this vulnerability would allow a remote attacker to write or delete files in the context of the FTP server. The following is a portion of their …
arbitrary file write blog post bug crlf injection cve deletion escalation file framework initiative injection justin micro microsoft microsoft .net privilege privilege escalation report research service studio team trend trend micro visual studio vulnerability vulnerability research wang zdi zero day initiative