Microsoft » .net Framework : Security Vulnerabilities, CVEs, Published In February 2014 (Code Execution)
VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."
Max CVSS
4.3
EPSS Score
2.58%
Published
2014-02-12
Updated
2018-10-12
CVE-2014-0257
Public exploit
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
Max CVSS
9.3
EPSS Score
71.40%
Published
2014-02-12
Updated
2018-10-12
2 vulnerabilities found