KLA10603
Multiple vulnerabilities in Microsoft .NET Framework
Обновлено: 17/06/2019
Дата обнаружения
11/11/2014
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions fain privileges, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. An improper ASLR implementation can be exploited remotely via a specially designed web site or memory addresses prediction;
  2. Unverified data processing can be exploited remotely via vectors related to Internet Explorer;
  3. An improper hash table usage can be exploited remotely via a specially designed request;
  4. Improper TypeFilterLevel checking can be exploited remotely via .NET Remoting manipulations;
  5. Improper IRI parsing can be exploited remotely via a specially designed request;
  6. Unsafe method execution can be exploited remotely via a specially designed .NET application;
  7. Improper TCP connections handling can be exploited remotely via a specially designed HTTP requests;
  8. An improper memory access restrictions can be exploited remotely via vectors related to malformed objects.
Пораженные продукты

Microsoft .NET Framework version 1.0 Service Pack 3
Microsoft .NET Framework version 1.1 Service Pack 1
Microsoft .NET Framework version 2.0 Service Pack 2
Microsoft .NET Framework versions 3.5, 3.5.1, 4, 4.5, 4.5.1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2014-4072
CVE-2014-0257
CVE-2014-0253
CVE-2014-0295
CVE-2014-4149
CVE-2014-4122
CVE-2014-4121
CVE-2014-4062
CVE-2014-4073
CVE-2014-1806
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]
Связанные продукты
Microsoft .NET Framework
CVE-IDS
CVE-2014-40725.0Critical
CVE-2014-02579.3Critical
CVE-2014-02535.0Critical
CVE-2014-02954.3Warning
CVE-2014-41499.3Critical
CVE-2014-41224.3Warning
CVE-2014-412110.0Critical
CVE-2014-40624.3Warning
CVE-2014-407310.0Critical
CVE-2014-180610.0Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

2972098
2898855
2898856
2898857
2898858
2979578
2979575
2979574
2979577
2979576
2979571
2979570
2979573
2931365
2931366
2931367
2931368
2984625
2979568
2904878
2943344
2943357
3000414
2972105
2972107
2972106
2972101
2972100
2972103
2973113
2973112
2973115
2973114
2978121
2978120
2978122
2932079
2978124
2978127
2978126
2978128
2990931
2972215
2972214
2972216
2972211
2972213
2972212
2974268
2974269
2958732
2901128
2901125
2901127
2901126
2901120
3005210
2931356
2972207
2916607
2968296
2898868
2968294
2968295
2968292
2977766
2898860
2977765
2898865
2898864
2898866
2931358
2911502
2931354
2931357
2911501
2931352
2898869
2898870
2898871
2978114
2978116
2937608
2978125
2966828
2966827
2966826
2966825
2978042
2901115
2978041
2901110
2901111
2901112
2901113
2901118
2901119
2937610