| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-118 | Security Update for .NET Framework to Address Elevation of Privilege (3104507) | Microsoft .NET | Important | 11-11-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the userÆs browser.
Detailed Information on the risk:
An elevation of privilege vulnerability exists when ASP.NET improperly validates values in HTTP requests, exposing users to a potential cross-site scripting (XSS) attack. An attacker who successfully exploited the vulnerability could leverage a vulnerable website to inject client-side script into a userÆs browser and ultimately modify or spoof content, conduct phishing activities, disclose information, or perform any action on the vulnerable website that the target user has permission to perform.
Microsoft .NET Framework 2.0 Service Pack 2Further information on this exploit is available at : MS15-118
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5/4.5.1/4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 2.0 Service Pack 2
Affected Software
Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 4
Microsoft .NET Framework 4.5/4.5.1/4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 2.0 Service Pack 2