CVE-2014-0295
Description
VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka VSAVB7RT ASLR Vulnerability.
Risk Information
Base Score
7.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:F/RL:O/RC:C
EPSS Score
Exploitation Probability
19.786
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2901111) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2901111) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2898856) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2898856) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2901110) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2901110) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2898855) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2898855) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack 2 (32-bit) (KB2901115) | Windows |
| Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack 2 (32-bit) (KB2898860) | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2901113) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2901113) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2898858) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2898858) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2911502) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2911502) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5 on Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2901118) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5 on Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2901118) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5 on Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2898864) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5 on Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2898864) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2901126) | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2901126) | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2898869) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2898869) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2901112) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2901112) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2898857) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2898857) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2911501) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2911501) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2901120) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2901120) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2898866) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2898866) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5 on Windows 8, Windows RT and Windows Server 2012 (KB2901119) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5 on Windows 8, Windows RT and Windows Server 2012 (KB2901119) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5 on Windows 8, Windows RT and Windows Server 2012 (KB2898865) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5 on Windows 8, Windows RT and Windows Server 2012 (KB2898865) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2901127) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2901127) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2898870) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2898870) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2901125) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2901125) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2898868) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2898868) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2901128) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2901128) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2898871) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2898871) x64 bases systems | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-15005 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2901111) |
| PATCH-15006 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2901111) |
| PATCH-15007 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2898856) |
| PATCH-15008 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2898856) |
| PATCH-15009 | Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2901110) |
| PATCH-15010 | Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2901110) |
| PATCH-15011 | Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2898855) |
| PATCH-15012 | Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB2898855) |
| PATCH-15013 | Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack 2 (32-bit) (KB2901115) |
| PATCH-15017 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2898858) |
| PATCH-15018 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2898858) |
| PATCH-15019 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2911502) |
| PATCH-15020 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2911502) |
| PATCH-15021 | Security Update for Microsoft .NET Framework 4.5 on Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2901118) |
| PATCH-15022 | Security Update for Microsoft .NET Framework 4.5 on Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2901118) |
| PATCH-15023 | Security Update for Microsoft .NET Framework 4.5 on Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2898864) |
| PATCH-15024 | Security Update for Microsoft .NET Framework 4.5 on Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2898864) |
| PATCH-15027 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2898869) |
| PATCH-15028 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB2898869) |
| PATCH-15029 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2901112) |
| PATCH-15030 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2901112) |
| PATCH-15031 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2898857) |
| PATCH-15032 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2898857) |
| PATCH-15033 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2911501) |
| PATCH-15034 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2911501) |
| PATCH-15035 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2901120) |
| PATCH-15036 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2901120) |
| PATCH-15037 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2898866) |
| PATCH-15038 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2898866) |
| PATCH-15039 | Security Update for Microsoft .NET Framework 4.5 on Windows 8, Windows RT and Windows Server 2012 (KB2901119) |
| PATCH-15040 | Security Update for Microsoft .NET Framework 4.5 on Windows 8, Windows RT and Windows Server 2012 (KB2901119) |
| PATCH-15043 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2901127) |
| PATCH-15044 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2901127) |
| PATCH-15147 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8, Windows RT 8, and Windows Server 2012 R2 (KB2898870) |
| PATCH-15148 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2901125) |
| PATCH-15149 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2901125) |
| PATCH-15150 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2898868) |
| PATCH-15151 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB2898868) |
| PATCH-15152 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2901128) |
| PATCH-15153 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2901128) |
| PATCH-15154 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2898871) |
| PATCH-15155 | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2898871) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234