Oval Definition:oval:org.mitre.oval:def:26903
Revision Date:2014-11-24Version:19
Title:.NET ASLR vulnerability - CVE-2014-4122 (MS14-057)
Description:Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-4122
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Definition Synopsis
  • Vista / 2k8 + vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Check if the version of mscorie.dll is less than 2.0.50727.4252
  • AND Microsoft .NET Framework 2.0 Service Pack 2 is installed
  • OR Win 8/2k12 and vulnerable file version
  • Win 8 / 2k12
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check if the version of mscorie.dll is less than 2.0.50727.6419
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • OR .net 3.5.1/win 8.1/server 2012 r2/versions
  • either os
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND Check if the version of mscorie.dll is less than 2.0.50727.8008
  • OR Win 7 / R2 + vulnerable file version
  • Win 7 / R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • AND Check if the version of mscorie.dll is less than 2.0.50727.5483
  • AND Microsoft .NET Framework 3.5 SP1 is installed
    • BACK