CVE-2014-4122Microsoft NET Framework vulnerability

CWE-2643 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
41.1%
top 2.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedOct 15
Latest updateMay 14

Description

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/net_framework2.0, 3.5, 3.5.1+2

🔴Vulnerability Details

2
GHSA
GHSA-q8qv-rc35-q94x: Microsoft2022-05-14
CVEList
CVE-2014-4122: Microsoft2014-10-15
CVE-2014-4122 — Microsoft NET Framework vulnerability | cvebase