This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The .NET Framework install on the remote Windows host could allow
arbitrary code execution.
The version of the .NET Framework installed on the remote host
reportedly is affected by a code execution vulnerability because of
the way .NET Framework validates parameters when passing data to a
An attacker may be able to leverage these vulnerabilities to execute
arbitrary code on the affected system if a user can be tricked into
viewing a specially crafted web page using a web browser that can run
XAML Browser Applications (XBAPs). The vulnerability could also be
exploited by uploading a specially crafted ASP.NET page to a server
system running IIS and then executing that page.
See also :
Microsoft has released a set of patches for .NET Framework 1.0,
1.1, 2.0, 3.5.1, and 4.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true