MS15-092: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The version of the .NET Framework installed on the remote host is
affected by multiple elevation of privilege vulnerabilities.

Description :

The version of Microsoft .NET Framework installed on the remote host
is affected by multiple elevation of privilege vulnerabilities due to
the RyuJIT compiler not properly optimizing certain parameters,
resulting in a code generation error. A remote attacker, by convincing
a user to run a malicious .NET application, can exploit these
vulnerabilities to gain elevated privileges and take control of the
affected system.

See also :

https://technet.microsoft.com/library/security/MS15-092

Solution :

Microsoft has released a set of patches for .NET Framework 4.6.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 85331 ()

Bugtraq ID: 76268
76269
76270

CVE ID: CVE-2015-2479
CVE-2015-2480
CVE-2015-2481

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now