CVE-2015-1648

The CVE-2015-1648 issue is an information-disclosure vulnerability in Microsoft .NET Framework’s ASP.NET when customErrors is disabled. The root cause is improper handling/sanitization of errors, allowing remote attackers to trigger requests that reveal parts of web configuration files. Affected ...

CVE-2015-1648

ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."...

Microsoft .NET Framework CVE-2015-1648 Information Disclosure Vulnerability

Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...

MS15-041: Vulnerability in the .NET Framework could allow information disclosure: April 14, 2015

Resolves a vulnerability in the Microsoft .NET Framework that could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled. An attacker who successfully exploits the vulnerability would be able to view parts ...

KLA10556 Obtain sensitive information vulnerability in .NET Framework

An unspecified vulnerability was found in Microsoft .NET. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed request. Original advisories MS15-041 CVE-2015-1648 Related products...

MS15-041: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)

The remote Windows host has a version of the Microsoft .NET Framework installed that is affected by an information disclosure vulnerability due to improper handling of requests on web servers that have custom error messages disabled. A remote, unauthenticated attacker can exploit this issue, via ...

Microsoft XML Signature HMAC Truncation Bypass (MS10-041) - Ver2 (CVE-2009-0217)

The Microsoft .NET Framework is a component of the Microsoft Windows operating system that enables building and running software applications and Web services. A tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without...

Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow - Ver2 (CVE-2013-0003)

A buffer overflow exists in the System.DirectoryServices.Protocols S.DS.P namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array.An attacker can remotely exploit this vulnerability by...

MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)

The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability related to how it handles TypeFilterLevel checks for some malformed objects. This can be used by a remote attacker to gain privilege elevation via a specially crafted packet sent to a host th...

Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)

This host is missing a critical security update according to Microsoft Bulletin MS14-072. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2014-4149

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."...

Security feature bypass

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."...

CVE-2014-4149

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."...

CVE-2014-4149

CVE-2014-4149 – TypeFilterLevel vulnerability in .NET Framework : Affects Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2. The issue arises from improper TypeFilterLevel checks in .NET Remoting, enabling a remote attacker to execute arbitrary code by sending crafte...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 (KB2978121)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 8 (KB2978127)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2978121)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 8 and Windows Server 2012 x64 (KB2978127)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

MS14-072: .NET Remoting Elevation of Privilege Vulnerability

Today Microsoft shipped MS14-072 to the .NET Framework to address an Elevation of Privilege EOP vulnerability in the .NET Remoting feature. This update fixes a specific issue in .NET Remoting that permitted specially crafted remote endpoints to take advantage of this vulnerability. What is .NET...

November 2014 Updates

Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office, .NET Framework, Internet Information Services IIS,...