MS14-009: Vulnerabilities in .NET Framework Could Allow Privilege Escalation (2916607)
High Nessus Plugin ID 72432
SynopsisThe version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities :
- An error exists related to handling stale or closed HTTP client connections that can allow denial of service attacks. (CVE-2014-0253)
- An error exists related to decisions regarding the safety of executing certain methods that can allow privilege escalation. (CVE-2014-0257)
- An error exists related to the component 'VSAVB7RT' that can allow Address Space Layout Randomization (ASLR) bypasses. (CVE-2014-0295)
SolutionMicrosoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.