KLA10695
Multiple vulnerabilities in Microsoft .NET Framework

Обновлено: 03/06/2020
Дата обнаружения
10/11/2015
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to bypass security restrictions,.

Below is a complete list of vulnerabilities

  1. Erroneous XML parsing at Document Type Definition can be exploited remotely via a specially designed XML file to obtain sensitive information;
  2. Improper HTTP requests validation at ASP.NET can be exploited remotely via a specially designed web content to inject arbitrary script;
  3. Improper Address Space Layout Randomization implementation can be exploited remotely via a specially designed web site to bypass security restrictions.

Technical details

By exploiting (1) attacker can gain read access to local files.

Пораженные продукты

Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2015-6099
CVE-2015-6096
CVE-2015-6115
Оказываемое влияние
?
OSI 
[?]

CI 
[?]

SB 
[?]
Связанные продукты
Microsoft .NET Framework
CVE-IDS
CVE-2015-60994.3Warning
CVE-2015-60964.3Warning
CVE-2015-61154.3Warning