| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS14-057 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) | Microsoft .NET | Critical | 15-10-2014 |
Technical Information
Brief overview of the risk:
An elevation of privilege vulnerability exists in Microsoft .NET Framework that could allow an attacker to elevate privileges on the targeted system.
Detailed Information on the risk:
This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application. In .NET 4.0 and below applications, the vulnerable functionality (iriParsing) is disabled by default; for the vulnerability to be exploitable an application has to explicitly enable this functionality. In .NET 4.5 applications, iriParsing is enabled by default and cannot be disabled.
Further information on this exploit is available at : MS14-057
Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5/4.5.1/4.5.2
Affected Software
Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5/4.5.1/4.5.2