High severityNVD Advisory· Published Dec 13, 2022· Updated Jul 22, 2025
.NET Framework Remote Code Execution Vulnerability
CVE-2022-41089
Description
.NET Framework Remote Code Execution Vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.WindowsDesktop.App.Runtime.win-x64NuGet | >= 3.1.0, < 3.1.32 | 3.1.32 |
Microsoft.WindowsDesktop.App.Runtime.win-x86NuGet | >= 3.1.0, < 3.1.32 | 3.1.32 |
Microsoft.WindowsDesktop.App.Runtime.win-arm64NuGet | >= 6.0.0, < 6.0.12 | 6.0.12 |
Microsoft.WindowsDesktop.App.Runtime.win-x64NuGet | >= 6.0.0, < 6.0.12 | 6.0.12 |
Microsoft.WindowsDesktop.App.Runtime.win-x86NuGet | >= 6.0.0, < 6.0.12 | 6.0.12 |
Microsoft.WindowsDesktop.App.Runtime.win-arm64NuGet | >= 7.0.0, < 7.0.1 | 7.0.1 |
Microsoft.WindowsDesktop.App.Runtime.win-x86NuGet | >= 7.0.0, < 7.0.1 | 7.0.1 |
Microsoft.WindowsDesktop.App.Runtime.win-x64NuGet | >= 7.0.0, < 7.0.1 | 7.0.1 |
Affected products
23- ghsa-coords3 versionspkg:nuget/microsoft.windowsdesktop.app.runtime.win-arm64pkg:nuget/microsoft.windowsdesktop.app.runtime.win-x64pkg:nuget/microsoft.windowsdesktop.app.runtime.win-x86
>= 6.0.0, < 6.0.12+ 2 more
- (no CPE)range: >= 6.0.0, < 6.0.12
- (no CPE)range: >= 3.1.0, < 3.1.32
- (no CPE)range: >= 3.1.0, < 3.1.32
2.0.0+ 10 more
- (no CPE)range: 2.0.0
- (no CPE)range: 3.0.0
- (no CPE)range: 3.5.0
- (no CPE)range: 3.5.0
- (no CPE)range: 10.0.0
- (no CPE)range: 4.7.0
- (no CPE)range: 4.8.0
- (no CPE)range: 4.8.1
- (no CPE)range: 4.7.0
- (no CPE)range: 4.7.0
- (no CPE)range: 4.8.0
- Microsoft/Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)v5Range: 16.11.0
- Microsoft/Microsoft Visual Studio 2022 version 17.0v5Range: 17.0.0
- Microsoft/Microsoft Visual Studio 2022 version 17.2v5Range: 17.2.0
- Microsoft/Microsoft Visual Studio 2022 version 17.4v5Range: 17.4.0
- Microsoft/.NET 6.0v5Range: 6.0.0
- Microsoft/.NET 7.0v5Range: 7.0.0
- Microsoft/.NET Core 3.1v5Range: 3.1
7.2.0+ 1 more
- (no CPE)range: 7.2.0
- (no CPE)range: 7.3.0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-2c7v-qcjp-4mg2ghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089ghsavendor-advisoryWEB
- github.com/dotnet/announcements/issues/242ghsaWEB
- github.com/dotnet/wpf/commit/5f4c0f7763a06b024c8a517616e0fc0194e997a4ghsaWEB
- github.com/dotnet/wpf/commit/7b0be4d41c33ce8525d8160bf8869cac10f8a8cdghsaWEB
- github.com/dotnet/wpf/commit/c08825a9889e6c798fe95ed5ec1f6a9f517ab5a0ghsaWEB
- github.com/dotnet/wpf/security/advisories/GHSA-2c7v-qcjp-4mg2ghsaWEB
News mentions
0No linked articles in our index yet.