4.3

CVE-2014-0295

Exploit
VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Framework Version2.0 Updatesp2
Microsoft.Net Framework Version3.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.77% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/56793
http://www.securitytracker.com/id/1029745
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009
http://osvdb.org/103164
http://www.greyhathacker.net/?p=585
Exploit
http://www.securityfocus.com/bid/65418