Vulnerabilities have been discovered in the Microsoft .NET Framework which could allow elevation of privilege. Microsoft.NET is a software framework for applications designed to run under Microsoft Windows. The vulnerability can be exploited if a user visits or is redirected to a specially crafted website. Successful exploitation could result in an attacker gaining complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Microsoft .NET Framework 1.0
- Microsoft .NET Framework 1.1
- Microsoft .NET Framework 2.0
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 3.5.1
- Microsoft .NET Framework 4
- Microsoft .NET Framework 4.5
- Microsoft .NET Framework 4.5.1
Multiple vulnerabilities have been discovered in the Microsoft .NET Framework that could allow an elevation of privilege. The details of these vulnerabilities are as follows:
Successful exploitation of these vulnerabilities could result in an attacker gaining complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
http://technet.microsoft.com/en-us/security/bulletin/ms14-009
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0253
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0257
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0295