Summary
This host is missing a critical security
update according to Microsoft Bulletin MS14-072.
Impact
Successful exploitation will allow attackers
to bypass certain security restrictions.
Impact Level: System/Application
Solution
Run Windows Update and update the listed
hotfixes or download and update mentioned hotfixes in the advisory from the link, https://technet.microsoft.com/en-us/security/bulletin/ms14-072
Insight
Flaws exists in the way that .NET Framework
handles TypeFilterLevel checks for some malformed objects.
Affected
Microsoft .NET Framework 1.1, 2.0, 3.5,
3.5.1, 4.0, 4.5, 4.5.1 and 4.5.2
Detection
Get the vulnerable file version and check
appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2014-4149 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)
- Buffer Overrun in Messenger Service (828035)
- Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)