| Vulnerability Name: | CVE-2014-4122 (CCN-96773) | ||||||||
| Assigned: | 2014-10-14 | ||||||||
| Published: | 2014-10-14 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability." | ||||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-4122 Source: SECUNIA Type: UNKNOWN 60969 Source: CCN Type: Microsoft Security Bulletin MS14-057 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) Source: CCN Type: Microsoft Security Bulletin MS15-118 Security Updates for .NET Framework to Address Elevation of Privilege (3104507) Source: CCN Type: Microsoft Security Bulletin MS16-065 Security Update for .NET Framework (3156757) Source: BID Type: UNKNOWN 70312 Source: CCN Type: BID-70312 Microsoft .NET Framework CVE-2014-4122 ASLR Security Bypass Vulnerability Source: SECTRACK Type: UNKNOWN 1031021 Source: MS Type: UNKNOWN MS14-057 Source: XF Type: UNKNOWN ms-dotnet-cve20144122-sec-bypass(96773) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||