MS14-072: Vulnerability in the .NET Framework could allow elevation of privilege: November 11, 2014

Resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege.View products that this article applies to.IntroductionThis update resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege.SummaryMicrosoft has released securi...

KLA10603 Multiple vulnerabilities in Microsoft .NET Framework

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions fain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of...

Microsoft Releases November 2014 Security Bulletin

Microsoft has released updates to address vulnerabilities in Windows, Office, Exchange, .NET Framework, SharePoint, and Internet Explorer as part of the Microsoft Security Bulletin Summary for November 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, ...

Microsoft .NET Framework CVE-2014-4149 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the context of the application; this can result in the attacker gaining complete control of the affected system. Technologies Affecte...

Advance Notification Service for the November 2014 Security Bulletin Release

Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet...

CVE-2014-4121

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted request to a .NET web application, aka ".NET...

CVE-2014-4122

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."...

Privilege escalation

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."...

Design/Logic Flaw

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."...

Remote code execution

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted request to a .NET web application, aka ".NET...

CVE-2014-4073

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."...

CVE-2014-4073

CVE-2014-4073 is an Elevation of Privilege flaw in Microsoft .NET Framework related to ClickOnce and DCOM, enabling an attacker to gain privileges by processing unverified data via interactions with the ClickOnce installer or through .NET DCOM/WMI paths. Affected products include .NET Framework 2...

CVE-2014-4122

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."...

CVE-2014-4122

CVE-2014-4122 is the .NET Framework ASLR bypass vulnerability affecting .NET Framework 2.0 SP2, 3.5, and 3.5.1. A remote attacker could predict memory addresses by exploiting the ASLR weakness, potentially enabling remote code execution or information disclosure. Public references note exploitati...

CVE-2014-4121

CVE-2014-4121 affects Microsoft .NET Framework versions 2.0 SP2, 3.5/3.5.1, 4, 4.5, 4.5.1, and 4.5.2. The root cause is improper parsing of internationalized resource identifiers, enabling remote attackers to execute arbitrary code or cause memory corruption via crafted requests to .NET web apps....

CVE-2014-4121

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted request to a .NET web application, aka ".NET...

MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)

The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to to execute code remotely. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid78432; scriptversion"1.11"; scriptcvsdate"Date:...

Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)

This host is missing a critical security update according to Microsoft Bulletin MS14-057. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2972101)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 (KB2972101)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...