CVE-2014-4122

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/60969
http://www.securityfocus.com/bid/70312
http://www.securitytracker.com/id/1031021
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:.net_framework:2.0:sp2::::::
	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
	cpe:2.3:a:microsoft:.net_framework:3.5.1:::::::*

History

No history.

Information

Published : 2014-10-15 10:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-4122

Mitre link : CVE-2014-4122

CVE.ORG link : CVE-2014-4122

JSON object : View

Products Affected

microsoft

.net_framework

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-4122", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-10-15T10:55:07.990", "references": [{"url": "http://secunia.com/advisories/60969", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/70312", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1031021", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka \".NET ASLR Vulnerability.\""}, {"lang": "es", "value": "Microsoft .NET Framework 2.0 SP2, 3.5, y 3.5.1 omite el mecanismo de protecci\u00f3n ASLR, lo que permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible sobre las direcciones de la memoria mediante el aprovechamiento de la previsibilidad de la localizaci\u00f3n de un imagen ejecutable, tambi\u00e9n conocido como 'vulnerabilidad .NET ASLR.'"}], "lastModified": "2018-10-12T22:07:19.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688"}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}