KLA10695
Multiple vulnerabilities in Microsoft .NET Framework
Updated: 06/01/2019
Detect date
?
11/10/2015
Severity
?
Warning
Description

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to bypass security restrictions,.

Below is a complete list of vulnerabilities

  1. Erroneous XML parsing at Document Type Definition can be exploited remotely via a specially designed XML file to obtain sensitive information;
  2. Improper HTTP requests validation at ASP.NET can be exploited remotely via a specially designed web content to inject arbitrary script;
  3. Improper Address Space Layout Randomization implementation can be exploited remotely via a specially designed web site to bypass security restrictions.

Technical details

By exploiting (1) attacker can gain read access to local files.

Affected products

Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-6099
CVE-2015-6096
CVE-2015-6115

Impacts
?
OSI 
[?]

CI 
[?]

SB 
[?]
Related products
Microsoft .NET Framework
CVE-IDS
?
CVE-2015-60994.3Warning
CVE-2015-60964.3Warning
CVE-2015-61154.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3097999
3098784
3104507
3098780
3098779
3098785
3097995
3097997
3098000