This script is Copyright (C) 2014 Tenable Network Security, Inc.
The version of the .NET Framework installed on the remote host is
affected by multiple vulnerabilities.
The remote Windows host is running a version of the Microsoft .NET
Framework that is affected by multiple vulnerabilities :
- An error exists related to handling stale or closed
HTTP client connections that could allow denial of
service attacks. (CVE-2014-0253)
- An error exists related to decisions regarding the
safety of executing certain methods that could allow
privilege escalation. (CVE-2014-0257)
- An error exists related to the component 'VSAVB7RT'
that could allow Address Space Layout Randomization
(ASLR) bypasses. (CVE-2014-0295)
See also :
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0
SP2, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true