This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The version of the .NET Framework installed on the remote host is
affected by multiple vulnerabilities.
The remote Windows host has a version of the Microsoft .NET Framework
that is affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the
.NET Framework due to improper DTD parsing of crafted
XML files. An unauthenticated, remote attacker can
exploit this, via a malicious application file, to gain
read access to the local files on the system.
- An cross-site scripting vulnerability exists in ASP.NET
due to improper validation of values in HTTP requests.
An unauthenticated, remote attacker can exploit this to
inject arbitrary script into the user's browser session.
- A security feature bypass vulnerability exists in the
.NET Framework due to improper implementation of the
Address Space Layout Randomization (ASLR) feature. An
unauthenticated, remote attacker can exploit this, via
crafted website content, to predict memory offsets in
a call stack. (CVE-2015-6115)
See also :
Microsoft has released a set of patches for .NET Framework 2.0 SP2,
3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true