Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka .NET Security Feature Bypass Vulnerability.
The product does not validate, or incorrectly validates, a certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| .net_framework | Microsoft | 2.0-sp2 (including) | 2.0-sp2 (including) |
| .net_framework | Microsoft | 3.5 (including) | 3.5 (including) |
| .net_framework | Microsoft | 3.5.1 (including) | 3.5.1 (including) |
| .net_framework | Microsoft | 4.5.2 (including) | 4.5.2 (including) |
| .net_framework | Microsoft | 4.6 (including) | 4.6 (including) |
| .net_framework | Microsoft | 4.6.1 (including) | 4.6.1 (including) |
| .net_framework | Microsoft | 4.6.2 (including) | 4.6.2 (including) |
| .net_framework | Microsoft | 4.7 (including) | 4.7 (including) |