| |
Vulnerability CVE-2014-4122
Published: 2014-10-15
| Description: |
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability." |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://www.securityfocus.com/bid/70312
http://www.securitytracker.com/id/1031021
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
