| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS14-009 | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607) | Microsoft .NET | Important | 12-02-2014 |
Technical Information
Brief overview of the risk:
This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content.
Detailed Information on the risk:
A security feature bypass exists in a .NET Framework component that does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, after which the attacker could load additional malicious code in the process in an attempt to exploit another vulnerability.
Further information on this exploit is available at : MS14-009
Affected Software
Microsoft .NET Framework 1.0 Service Pack 3Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5.1