⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2014-0295Microsoft NET Framework vulnerability

CWE-2645 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
25.5%
top 3.77%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Microsoft NET Framework
Timeline
PublishedFeb 12
Latest updateMay 14

Description

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/net_framework2.0, 3.5.1+1

🔴Vulnerability Details

4
GHSA
GHSA-wrmv-c556-947x: VsaVb7rt2022-05-14
OSV
qt4-x11, qtbase-opensource-src vulnerabilities2015-06-03
CVEList
CVE-2014-0295: VsaVb7rt2014-02-12
VulnCheck
VSAVB7RT ASLR Vulnerability2014
CVE-2014-0295 — Microsoft NET Framework vulnerability | cvebase