Oval Definition:oval:org.mitre.oval:def:26757
Revision Date:2015-12-22Version:22
Title:.NET Framework remote code execution vulnerability - CVE-2014-4121 (MS14-057)
Description:Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-4121
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 SP1
Microsoft .NET Framework 4.5 SP2
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.2
Definition Synopsis
  • .net 2.0 sp2/server 2003/versions
  • either os
  • Microsoft Windows Server 2003 for Itanium is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND Microsoft .NET Framework 2.0 Service Pack 2 is installed
  • AND either file versions GDR/LDR
  • ldr range
  • Check if the version of system.dll is less than 2.0.50727.8637
  • AND Check if the version of system.dll is greater than or equal to 2.0.50727.8600
  • OR Check if the version of system.dll is less than 2.0.50727.3662
  • OR Vista / 2k8 + vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND either file versions
  • ldr range
  • Check if the version of system.dl is less than 2.0.50727.7071
  • AND Check if the version of System.dll is greater than or equal to 2.0.50727.7000
  • OR Check if the version of system.dll is less than 2.0.50727.4253
  • AND Microsoft .NET Framework 2.0 Service Pack 2 is installed
  • OR Win 8/2k12 and vulnerable file version
  • Win 8 / 2k12
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND either file versions
  • ldr range
  • Check if the version of system.dl is less than 2.0.50727.7071
  • AND Check if the version of System.dll is greater than or equal to 2.0.50727.7000
  • OR Check if the version of the system.dll is less than 2.0.50727.6421
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • OR .net 3.5.1/win 8.1/server 2012 r2/versions
  • either os
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND either file versions
  • ldr range
  • Check if the version of system.dll is less than 2.0.50727.8615
  • AND Check if the version of system.dll is greater than or equal to 2.0.50727.8600
  • OR Check if the version of system.dll is less than 2.0.50727.8009
  • OR Win 7 / R2 + vulnerable file version
  • Win 7 / R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • AND either file versions
  • ldr range
  • Check if the version of system.dl is less than 2.0.50727.7071
  • AND Check if the version of System.dll is greater than or equal to 2.0.50727.7000
  • OR Check if the version of system.dll is less than 2.0.50727.5485
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • OR .net 4.0/win server 2003/vista/server 2008/Win 7/ server 2008 R2 and vuln versions
  • either os
  • Microsoft Windows Server 2003 for Itanium is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • OR Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • AND Microsoft .NET Framework 4.0 is installed
  • AND GDR/LDR
  • ldr range
  • Check if the version of system.dll is less than 4.0.30319.2045
  • AND Check if the version of system.dl is greater than or equal to 4.0.30319.2000
  • OR Check if the version of system.dll is less than 4.0.30319.1026
  • OR .net 4.5/4.5.1/4.5.2/vista/server 2008/win 7/server 2008 R2/versions
  • either os
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • AND 4.5/4.5.1/4.5.2
  • Microsoft .NET Framework 4.5 is installed
  • OR Microsoft .NET Framework 4.5.1 is installed
  • OR Microsoft .NET Framework 4.5.2 is installed
  • AND LDR / GDR range
  • LDR range
  • Check if the version of system.dll is less than 4.0.30319.36250
  • AND Check if the version of system.dll is greater than or equal to 4.0.30319.36000
  • OR Check if the version of system.dll is less than 4.0.30319.34238
  • OR Win 8.1/2k12 R2 and vulnerable file version
  • Win 8.1 / 2k12 R2
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND 4.5.1/4.5.2
  • Microsoft .NET Framework 4.5.1 is installed
  • OR Microsoft .NET Framework 4.5.2 is installed
  • AND either file versions
  • ldr range
  • Check if the version of system.dll is less than 4.0.30319.36251
  • AND Check if the version of system.dll is greater than or equal to 4.0.30319.36000
  • OR Check if the version of system.dll is less than 4.0.30319.34239
  • OR .net 4.5/4.5.1/4.5.2/win 8/server 2012/versions
  • either os
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND 4.5/4.5.1/4.5.2
  • Microsoft .NET Framework 4.5 is installed
  • OR Microsoft .NET Framework 4.5.1 is installed
  • OR Microsoft .NET Framework 4.5.2 is installed
  • AND either file versions
  • ldr range
  • Check if the version of system.dll is less than 4.0.30319.36251
  • AND Check if the version of system.dll is greater than or equal to 4.0.30319.36000
  • OR Check if the version of system.dll is less than 4.0.30319.34239
    • BACK