CVE-2022-41089
high
CVSS v3
7.8
CVSS v4 NEW
โ
VIR risk
7.8
Description
.NET Remote Code Execution Vulnerability
Predictions
Exploit likelihood
85%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| NuGet | Microsoft.WindowsDesktop.App.Runtime.win-x64 | >=3.1.0,<3.1.32 | 3.1.32 |
| NuGet | Microsoft.WindowsDesktop.App.Runtime.win-x86 | >=3.1.0,<3.1.32 | 3.1.32 |
| NuGet | Microsoft.WindowsDesktop.App.Runtime.win-arm64 | >=6.0.0,<6.0.12 | 6.0.12 |
| NuGet | Microsoft.WindowsDesktop.App.Runtime.win-x64 | >=6.0.0,<6.0.12 | 6.0.12 |
| NuGet | Microsoft.WindowsDesktop.App.Runtime.win-x86 | >=6.0.0,<6.0.12 | 6.0.12 |
| NuGet | Microsoft.WindowsDesktop.App.Runtime.win-arm64 | >=7.0.0,<7.0.1 | 7.0.1 |
| NuGet | Microsoft.WindowsDesktop.App.Runtime.win-x86 | >=7.0.0,<7.0.1 | 7.0.1 |
| NuGet | Microsoft.WindowsDesktop.App.Runtime.win-x64 | >=7.0.0,<7.0.1 | 7.0.1 |
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089
- https://github.com/dotnet/wpf/security/advisories/GHSA-2c7v-qcjp-4mg2
- https://github.com/dotnet/announcements/issues/242
- https://github.com/dotnet/wpf/commit/5f4c0f7763a06b024c8a517616e0fc0194e997a4
- https://github.com/dotnet/wpf/commit/7b0be4d41c33ce8525d8160bf8869cac10f8a8cd
- https://github.com/dotnet/wpf/commit/c08825a9889e6c798fe95ed5ec1f6a9f517ab5a0
- https://github.com/dotnet/wpf
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.