KLA10695
Multiple vulnerabilities in Microsoft .NET Framework

Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to bypass security restrictions,.

Below is a complete list of vulnerabilities

1. Erroneous XML parsing at Document Type Definition can be exploited remotely via a specially designed XML file to obtain sensitive information;
2. Improper HTTP requests validation at ASP.NET can be exploited remotely via a specially designed web content to inject arbitrary script;
3. Improper Address Space Layout Randomization implementation can be exploited remotely via a specially designed web site to bypass security restrictions.

Technical details

By exploiting (1) attacker can gain read access to local files.

Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)