CVE-2014-4062Microsoft NET Framework vulnerability

CWE-2643 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
15.0%
top 5.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedAug 12
Latest updateMay 14

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/net_framework5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-7qg6-22cq-32p9: Microsoft2022-05-14
CVEList
CVE-2014-4062: Microsoft2014-08-12
CVE-2014-4062 — Microsoft NET Framework vulnerability | cvebase