Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10603
HistoryNov 11, 2014 - 12:00 a.m.

KLA10603 Multiple vulnerabilities in Microsoft .NET Framework

2014-11-1100:00:00
Kaspersky Lab
threats.kaspersky.com
478

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.926 High

EPSS

Percentile

99.0%

JSON

Detect date:

11/11/2014

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions fain privileges, execute arbitrary code or obtain sensitive information.

Affected products:

Microsoft .NET Framework version 1.0 Service Pack 3
Microsoft .NET Framework version 1.1 Service Pack 1
Microsoft .NET Framework version 2.0 Service Pack 2
Microsoft .NET Framework versions 3.5, 3.5.1, 4, 4.5, 4.5.1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2014-4072
CVE-2014-0257
CVE-2014-0253
CVE-2014-0295
CVE-2014-4149
CVE-2014-4122
CVE-2014-4121
CVE-2014-4062
CVE-2014-4073
CVE-2014-1806

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2014-40725.0Critical
CVE-2014-02579.3Critical
CVE-2014-02535.0Critical
CVE-2014-02954.3Warning
CVE-2014-41499.3Critical
CVE-2014-41224.3Warning
CVE-2014-40624.3Warning

Microsoft official advisories:

KB list:

2972098
2898855
2898856
2898857
2898858
2979578
2979575
2979574
2979577
2979576
2979571
2979570
2979573
2931365
2931366
2931367
2931368
2984625
2979568
2904878
2943344
2943357
3000414
2972105
2972107
2972106
2972101
2972100
2972103
2973113
2973112
2973115
2973114
2978121
2978120
2978122
2932079
2978124
2978127
2978126
2978128
2990931
2972215
2972214
2972216
2972211
2972213
2972212
2974268
2974269
2958732
2901128
2901125
2901127
2901126
2901120
3005210
2931356
2972207
2916607
2968296
2898868
2968294
2968295
2968292
2977766
2898860
2977765
2898865
2898864
2898866
2931358
2911502
2931354
2931357
2911501
2931352
2898869
2898870
2898871
2978114
2978116
2937608
2978125
2966828
2966827
2966826
2966825
2978042
2901115
2978041
2901110
2901111
2901112
2901113
2901118
2901119
2937610

Exploitation:

Public exploits exist for this vulnerability.

References

Related

mskb 6
openvas 8
nessus 6
exploitpack 4
exploitdb 5
googleprojectzero 1
securityvulns 5
seebug 6
symantec 9
packetstorm 1
prion 10
myhack58 1
cve 10
checkpoint_advisories 4
metasploit 1
hackerone 1
zdt 1
msrc 1
mskb
mskb
MS14-009: Vulnerabilities in the .NET Framework could allow elevation of privilege: February 11, 2014
2014-02-11 00:00:00
MS14-057: Vulnerabilities in the .NET Framework could allow remote code execution: October 14, 2014
2014-10-14 00:00:00
MS14-072: Vulnerability in the .NET Framework could allow elevation of privilege: November 11, 2014
2014-11-11 00:00:00
openvas
openvas
Microsoft .NET Framework Multiple Vulnerabilities (2916607)
2014-02-12 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (2916607)
2014-02-12 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)
2014-10-15 00:00:00
nessus
nessus
MS14-009: Vulnerabilities in .NET Framework Could Allow Privilege Escalation (2916607)
2014-02-12 00:00:00
MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
2014-10-15 00:00:00
MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
2014-11-12 00:00:00
exploitpack
exploitpack
.NET Remoting Services - Remote Command Execution
2014-11-17 00:00:00
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
2019-01-14 00:00:00
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
2017-04-20 00:00:00
exploitdb
exploitdb
.NET Remoting Services - Remote Command Execution
2014-11-17 00:00:00
Microsoft .NET Deployment Service - IE Sandbox Escape (MS14-009) (Metasploit)
2014-06-27 00:00:00
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation
2017-04-25 00:00:00
googleprojectzero
googleprojectzero
Exploiting .NET Managed DCOM
2017-04-28 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-02-11 00:00:00
Microsoft Windows multiple security vulnerabilities
2014-10-15 00:00:00
Microsoft Windows multiple security vulnerabilities
2014-05-14 00:00:00
seebug
seebug
Microsoft .NET Framework 远程权利提升漏洞(CVE-2014-0257)(MS14-009)
2014-02-12 00:00:00
MS14-009 .NET Deployment Service IE Sandbox Escape
2014-07-01 00:00:00
Microsoft .NET Framework 远程拒绝服务漏洞(CVE-2014-0253)(MS14-009)
2014-02-12 00:00:00
symantec
symantec
Microsoft .NET Framework CVE-2014-0257 Remote Privilege Escalation Vulnerability
2014-02-11 00:00:00
Microsoft .NET Framework CVE-2014-0253 Remote Denial of Service Vulnerability
2014-02-11 00:00:00
Microsoft .NET Framework CVE-2014-4149 Remote Privilege Escalation Vulnerability
2014-11-11 00:00:00
packetstorm
packetstorm
MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-27 00:00:00
prion
prion
Design/Logic Flaw
2014-02-12 04:50:00
Remote code execution
2014-10-15 10:55:00
Cross site request forgery (csrf)
2014-02-12 04:50:00
myhack58
myhack58
How to use. NET managed DCOM to achieve elevation of privilege-vulnerability warning-the black bar safety net
2017-05-19 00:00:00
cve
cve
CVE-2014-4121
2014-10-15 10:55:00
CVE-2014-0257
2014-02-12 04:50:00
CVE-2014-0253
2014-02-12 04:50:00
checkpoint_advisories
checkpoint_advisories
Microsoft ASP.NET POST Request Denial of Service (MS14-009; CVE-2014-0253)
2014-03-11 00:00:00
Microsoft .NET Framework Remote Code Execution (MS14-057; CVE-2014-4121)
2014-10-14 00:00:00
Microsoft .NET Framework TypeFilterLevel Code Execution (MS14-026; CVE-2014-1806)
2014-07-21 00:00:00
metasploit
metasploit
MS14-009 .NET Deployment Service IE Sandbox Escape
2014-05-29 16:45:19
hackerone
hackerone
Sandbox Escape: .NET Type Traversal Vulnerability
2014-02-11 00:00:00
zdt
zdt
.NET Remoting Services Remote Command Execution Vulnerability
2014-11-17 00:00:00
msrc
msrc
More Details About CVE-2014-4073 Elevation of Privilege Vulnerability
2014-10-14 07:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.926 High

EPSS

Percentile

99.0%

JSON
Related for KLA10603
mskb6openvas8nessus6exploitpack4exploitdb5googleprojectzero1securityvulns5seebug6symantec9packetstorm1prion10myhack581cve10checkpoint_advisories4metasploit1hackerone1zdt1msrc1