CVE-2023-28260: 
vulnerability analysis and mitigation

.NET DLL Hijacking Remote Code Execution Vulnerability (CVE-2023-28260) was discovered and initially recorded on March 13, 2023. The vulnerability affects Microsoft .NET versions 6.0.0 to 6.0.16, 7.0.0 to 7.0.5, and Visual Studio 2022 versions ranging from 17.0 to 17.5.4 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

This DLL Hijacking vulnerability could potentially lead to Remote Code Execution, allowing attackers to execute malicious code on affected systems. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability (Microsoft).

Microsoft has released security updates to address this vulnerability. Users should update to .NET versions 6.0.16 or later, 7.0.5 or later, and Visual Studio 2022 versions 17.0.21, 17.2.15, 17.4.7, or 17.5.4 or later depending on their installed version (NVD).