4.3
CVE-2014-0295
- EPSS 13.77%
- Veröffentlicht 12.02.2014 04:50:41
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version2.0 Updatesp2
Microsoft ≫ .Net Framework Version3.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.77% | 0.96 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/56793
http://www.securitytracker.com/id/1029745
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009
http://osvdb.org/103164
http://www.greyhathacker.net/?p=585
http://www.securityfocus.com/bid/65418