CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-092 | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) | Microsoft .NET | Important | 12-08-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application.
Detailed Information on the risk:
Elevation of privilege vulnerabilities exist in Microsoft .NET Framework when the RyuJIT compiler improperly optimizes certain parameters resulting in a code generation error. An attacker who successfully exploited this vulnerability could take complete control of an affected system.To exploit these vulnerabilities, an attacker would need to host a specially crafted .NET application and convince users to run the application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.Further information on this exploit is available at : MS15-092