| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-048 | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134) | Microsoft .NET | Important | 13-05-2015 |
Technical Information
Brief overview of the risk:
A denial of service vulnerability exists in Microsoft .NET Framework that could allow an unauthenticated attacker to degrade the performance of a .NET-enabled website and disrupt the availability of applications that use Microsoft .NET Framework. The vulnerability exists when Microsoft .NET Framework attempts to decrypt certain specially crafted XML data.
Detailed Information on the risk:
To exploit this vulnerability, an attacker could send specially crafted XML data to a .NET application with the intention of causing processing recursion that leads to the denial-of-service condition. Servers running affected versions of Microsoft .NET Framework are primarily at risk from this vulnerability. The update addresses the vulnerability by correcting how the .NET Framework decrypts XML data.
Further information on this exploit is available at : MS15-048
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5/4.5.1/4.5.2
Microsoft .NET Framework 3.5.1
Affected Software
Microsoft .NET Framework 1.1 Service Pack 1Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5/4.5.1/4.5.2
Microsoft .NET Framework 3.5.1