CVE-2014-4062

2014-08-1221:55:00

CWE-264

[email protected]

web.nvd.nist.gov

microsoft

.net framework

aslr

vulnerability

cve-2014-4062

nvd

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.087 Low

EPSS

Percentile

94.5%

JSON

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka “.NET ASLR Vulnerability.”

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq1.1
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5
microsoft:.net_frameworkmicrosoft .net frameworkeq3.0
microsoft:.net_frameworkmicrosoft .net frameworkeq3.5.1

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	1.1
microsoft:.net_framework	microsoft .net framework	eq	2.0
microsoft:.net_framework	microsoft .net framework	eq	3.5
microsoft:.net_framework	microsoft .net framework	eq	3.0
microsoft:.net_framework	microsoft .net framework	eq	3.5.1