Microsoft .NET Framework Security Bypass Vulnerability (2984625) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS14-046.

Impact

Successful exploitation could allow an attacker to execute of arbitrary code and bypass certain security mechanism.

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms14-046

Insight

Flaw is triggered when handling specially crafted website content due to the Address Space Layout Randomization (ASLR) security feature.

Affected

Microsoft .NET Framework 2.0 Service Pack 2, 3.0 Service Pack 2, 3.5, 3.5.1

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://support.microsoft.com/kb/2984625
http://www.osvdb.com/109937
https://technet.microsoft.com/en-us/security/bulletin/MS14-046

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4062

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
Microsoft Kerberos Denial of Service Vulnerability (977290)
Microsoft Windows Media Service Handshake Sequence DoS Vulnerability

Take action and discover your vulnerabilities