Detections
Analytics
MS KB2905247: Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
high Nessus Plugin ID 71323
Language:
Synopsis
The .NET Framework installed on the remote Windows host is affected by a privilege escalation vulnerability.Description
The version of the .NET Framework installed on the remote Windows host is affected by a privilege escalation vulnerability that allows a remote attacker to inject and execute arbitrary code in the context of the service account for the ASP.NET server.This advisory was re-released on September 9, 2014 to offer the security update via Microsoft Update, and to address an issue that occasionally caused 'Page.IsPostBack' to return an incorrect value in some of the affected software.
Solution
Microsoft has released a set of patches for .NET Framework 1.1, 2.0, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2905247
Plugin Details
Severity: High
ID: 71323
File Name: smb_kb2905247.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 12/11/2013
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Patch Publication Date: 12/10/2013
Vulnerability Publication Date: 12/10/2013
Reference Information
MSKB: 2905247