Microsoft .NET Framework Elevation of Privilege Vulnerabilities
Last Update Date:
13 May 2015 14:41
Release Date:
13 May 2015
3810
Views
RISK: High Risk
TYPE: Operating Systems - Windows OS
- .NET XML Decryption Denial of Service Vulnerability
A denial of service vulnerability exists in Microsoft .NET Framework that could allow an unauthenticated attacker to degrade the performance of a .NET-enabled website and disrupt the availability of applications that use Microsoft .NET Framework. The vulnerability exists when Microsoft .NET Framework attempts to decrypt certain specially crafted XML data. - Windows Forms Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft .NET Framework that is caused when .NET's Windows Forms (WinForms) libraries improperly handle objects in memory. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Microsoft .NET Framework 1.1
- Microsoft .NET Framework 2.0
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 3.5.1
- Microsoft .NET Framework 4
- Microsoft .NET Framework 4.5/4.5.1/4.5.2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS15-048
Vulnerability Identifier
Source
Related Link
Share with