Summary
This host is missing an important security update according to Microsoft Bulletin MS14-046.
Impact
Successful exploitation could allow an attacker to execute of arbitrary code and bypass certain security mechanism.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms14-046
Insight
Flaw is triggered when handling specially crafted website content due to the Address Space Layout Randomization (ASLR) security feature.
Affected
Microsoft .NET Framework 2.0 Service Pack 2, 3.0 Service Pack 2, 3.5, 3.5.1
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2014-4062 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft SharePoint Foundation Privilege Elevation Vulnerability (3000431)
- Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
- Microsoft ISA Server DNS - Denial Of Service (MS03-009)
- Microsoft Window Audio Service Privilege Escalation Vulnerability (3005607)