Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10695
Multiple vulnerabilities in Microsoft .NET Framework

Updated: 06/03/2020
Detect date
?
 11/10/2015
Severity
?
 Warning
Description

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to bypass security restrictions,.

Below is a complete list of vulnerabilities

  1. Erroneous XML parsing at Document Type Definition can be exploited remotely via a specially designed XML file to obtain sensitive information;
  2. Improper HTTP requests validation at ASP.NET can be exploited remotely via a specially designed web content to inject arbitrary script;
  3. Improper Address Space Layout Randomization implementation can be exploited remotely via a specially designed web site to bypass security restrictions.

Technical details

By exploiting (1) attacker can gain read access to local files.
Affected products

Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6
Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories

CVE-2015-6099
CVE-2015-6096
CVE-2015-6115
Impacts
?
OSI 
[?]

CI 
[?]

SB 
[?]
Related products
 Microsoft .NET Framework
CVE-IDS
?
CVE-2015-60994.3Warning
CVE-2015-60964.3Warning
CVE-2015-61154.3Warning
Microsoft official advisories
 Microsoft Security Update Guide
KB list

3097999
3098784
3104507
3098780
3098779
3098785
3097995
3097997
3098000
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up