MS KB2905247: Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The .NET Framework installed on the remote Windows host is affected by
a privilege escalation vulnerability.

Description :

The version of the .NET Framework installed on the remote Windows host
is affected by a privilege escalation vulnerability that allows a
remote attacker to inject and execute arbitrary code in the context of
the service account for the ASP.NET server.

This advisory was re-released on September 9, 2014 to offer the
security update via Microsoft Update, and to address an issue that
occasionally caused 'Page.IsPostBack' to return an incorrect value in
some of the affected software.

See also :

https://technet.microsoft.com/library/security/2905247

Solution :

Microsoft has released a set of patches for .NET Framework 1.1, 2.0,
3.5, 3.5.1, 4.0, 4.5, and 4.5.1.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Windows

Nessus Plugin ID: 71323 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now