CVE-2014-1806

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."...

Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)

This host is missing an important security update according to Microsoft Bulletin MS14-026. OpenVAS Vulnerability Test $Id: gbms14-026.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Privilege Elevation Vulnerability 2958732 Authors: Antu Sanadi Copyright: Copyright C 2014 Greenbone...

Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2931367)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

MS14-026: Vulnerability in the .NET Framework could allow elevation of privilege: May 13, 2014

Resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege if an unauthenticated attacker sends specially crafted data to an affected workstation or server that has the .NET Framework Remoting feature enabled.View products that this article applies...

Microsoft .NET Framework TypeFilterLevel CVE-2014-1806 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain escalated privileges within the context of the application; this can result in the attacker gaining complete control of the affected system. Technologies Affect...

Microsoft .NET Framework Unsupported

According to its self-reported version number, there is at least one version of Microsoft .NET Framework installed on the remote Windows host that is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely...

Microsoft .NET Framework ASLR安全限制绕过漏洞(CVE-2014-0295)(MS14-009)

BUGTRAQ ID: 65418 CVECAN ID: CVE-2014-0295 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft.NET Framework没有正确实现地址空间布局随机化，存在安全限制绕过漏洞。此漏洞可使攻击者绕过ASLR安全功能，然后即可加载恶意代码，利用其它漏洞。 0 Microsoft .NET Framework 4.x...

CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...

Design/Logic Flaw

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...

Cross site request forgery (csrf)

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service ASP.NET daemon hang via crafted HTTP requests that trigger persistent resource consumption for a 1 stale or 2 clos...

CVE-2014-0295

CVE-2014-0295 affects Microsoft .NET Framework 2.0 SP2 and 3.5.1 due to VsaVb7rt.dll not implementing ASLR, enabling remote code execution via a crafted website. Public sources note exploitation in the wild (Feb 2014). Kaspersky and OpenVAS entries corroborate that ASLR bypass is the core issue i...

CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...

Microsoft .NET Framework 远程权利提升漏洞(CVE-2014-0257)(MS14-009)

BUGTRAQ ID: 65417 CVECAN ID: CVE-2014-0257 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft.NET Framework内存在权限提升漏洞，可使攻击者提升其在受影响系统上的权限。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft...

Microsoft .NET Framework Multiple Vulnerabilities (2916607)

This host is missing an important security update according to Microsoft Bulletin MS14-009. OpenVAS Vulnerability Test $Id: secpodms14-009.nasl 7582 2017-10-26 11:56:51Z cfischer $ Microsoft .NET Framework Multiple Vulnerabilities 2916607 Authors: Thanga Prakash S Copyright: Copyright C 2014...

Microsoft .NET Framework Multiple Vulnerabilities (2916607)

This host is missing an important security update according to Microsoft Bulletin MS14-009. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft .NET Framework 远程拒绝服务漏洞(CVE-2014-0253)(MS14-009)

BUGTRAQ ID: 65415 CVECAN ID: CVE-2014-0253 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft ASP.NET中存在拒绝服务漏洞，可使攻击者造成ASP.NET服务器不响应。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft .NET...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2898866)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2898865)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Microsoft .NET Framework CVE-2014-0257 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to elevate privileges, which may lead to a complete compromise of the affected system. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura...

Microsoft .NET Framework CVE-2014-0295 ASLR Security Bypass Vulnerability

Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya Aura Conferencing 6.0 SP1...