Microsoft .NET Framework Remote Code Execution Vulnerabilities

Last Update Date: 15 Oct 2014 17:50 Release Date: 15 Oct 2014 3678 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

.NET ClickOnce Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft .NET Framework that could allow an attacker to elevate privileges on the targeted system.
.NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft .NET Framework improperly parses internationalized resource identifiers. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
.NET ASLR Vulnerability
A security feature bypass vulnerability exists in Microsoft .NET Framework that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.