Vulnerabilities > Microsoft > NET Framework
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-12 | CVE-2014-4062 | Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability." | 4.3 |
| 2014-05-14 | CVE-2014-1806 | Code Injection vulnerability in Microsoft .Net Framework The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability." | 10.0 |
| 2014-02-12 | CVE-2014-0295 | Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework 2.0/3.5.1 VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability." | 4.3 |
| 2014-02-12 | CVE-2014-0257 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability." | 9.3 |
| 2014-02-12 | CVE-2014-0253 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability." | 5.0 |
| 2013-10-09 | CVE-2013-3861 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability." | 7.8 |
| 2013-10-09 | CVE-2013-3860 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability." | 7.8 |
| 2013-10-09 | CVE-2013-3128 | Unspecified vulnerability in Microsoft products The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability." | 9.3 |
| 2013-07-10 | CVE-2013-3171 | Code Injection vulnerability in Microsoft .Net Framework The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability." | 9.3 |
| 2013-07-10 | CVE-2013-3134 | Code Injection vulnerability in Microsoft .Net Framework The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-052#section6 'Systems running 32-bit versions of Windows are not affected by this vulnerability.' | 9.3 |