This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
First view: 2014-02-11
Product: .Net Framework
Last view: 2015-11-11
Version: 4.5.1
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:microsoft:.net_framework

Activity : Overall

Related : CVE

Score Date Alert Description
4.3 2015-11-11 CVE-2015-6099

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

4.3 2015-11-11 CVE-2015-6096

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

5 2015-09-08 CVE-2015-2526

Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability."

9.3 2015-09-08 CVE-2015-2504

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

9.3 2015-08-14 CVE-2015-2464

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

9.3 2015-08-14 CVE-2015-2463

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2464.

9.3 2015-08-14 CVE-2015-2462

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

9.3 2015-08-14 CVE-2015-2460

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

9.3 2015-08-14 CVE-2015-2456

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2455.

9.3 2015-08-14 CVE-2015-2455

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2456.

9.3 2015-08-14 CVE-2015-2435

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

9.3 2015-05-13 CVE-2015-1673

The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability."

5 2015-05-13 CVE-2015-1672

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability."

9.3 2015-05-13 CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

4.3 2015-05-13 CVE-2015-1670

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."

2.6 2015-04-14 CVE-2015-1648

ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."

9.3 2014-11-11 CVE-2014-4149

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."

10 2014-10-15 CVE-2014-4121

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."

10 2014-10-15 CVE-2014-4073

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."

5 2014-09-09 CVE-2014-4072

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability."

10 2014-05-14 CVE-2014-1806

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

9.3 2014-02-11 CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."

5 2014-02-11 CVE-2014-0253

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."

CWE : Common Weakness Enumeration

% id Name
43% (10) CWE-20 Improper Input Validation
8% (2) CWE-399 Resource Management Errors
8% (2) CWE-264 Permissions, Privileges, and Access Controls
8% (2) CWE-200 Information Exposure
8% (2) CWE-19 Data Handling
4% (1) CWE-310 Cryptographic Issues
4% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
4% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (1) CWE-17 Code

ExploitDB Exploits

id Description
35280 .NET Remoting Services Remote Command Execution
33892 MS14-009 .NET Deployment Service IE Sandbox Escape

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0213 Multiple Vulnerabilities in Microsoft .NET Framework (MS15-101)
Severity: Category II - VMSKEY: V0061387
2015-A-0196 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080)
Severity: Category II - VMSKEY: V0061311
2015-A-0105 Multiple Vulnerabilities in Microsoft .NET Framework (MS15-048)
Severity: Category II - VMSKEY: V0060647
2015-A-0089 Microsoft .NET Framework Information Disclosure Vulnerability (MS15-041)
Severity: Category I - VMSKEY: V0059893
2014-A-0173 Microsoft .NET Framework Remote Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0057383
2014-A-0147 Multiple Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0055427
2014-A-0073 Microsoft .NET Framework Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0050455
2014-B-0013 Multiple Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0044036

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-03-14 Microsoft Windows ClickOnce information disclosure attempt
RuleID : 36713 - Type : OS-WINDOWS - Revision : 2
2016-03-14 Microsoft Windows ClickOnce information disclosure attempt
RuleID : 36712 - Type : OS-WINDOWS - Revision : 2
2015-10-14 Microsoft Windows System.DirectoryServices.Protocols.Utility class memory ove...
RuleID : 36015 - Type : OS-WINDOWS - Revision : 2
2015-10-14 Microsoft Windows System.DirectoryServices.Protocols.Utility class memory ove...
RuleID : 36014 - Type : OS-WINDOWS - Revision : 2
2015-10-06 Microsoft System.Uri heap corruption attempt
RuleID : 35857 - Type : FILE-OTHER - Revision : 4
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35530 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35529 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35526 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35525 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35524 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35523 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35520 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35519 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt
RuleID : 35516 - Type : OS-WINDOWS - Revision : 2
2015-09-10 Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt
RuleID : 35515 - Type : OS-WINDOWS - Revision : 2
2015-09-10 Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remo...
RuleID : 35492 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remo...
RuleID : 35491 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows atmfd.dll font driver malformed OTF file remote code execut...
RuleID : 35486 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows atmfd.dll font driver malformed OTF file remote code execut...
RuleID : 35485 - Type : FILE-OTHER - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34441 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34440 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows .NET XML recursive call denial of service attempt
RuleID : 34435 - Type : OS-WINDOWS - Revision : 3
2015-06-17 Microsoft Windows .NET XML recursive call denial of service attempt
RuleID : 34434 - Type : OS-WINDOWS - Revision : 3
2015-06-17 Microsoft Windows Calendar object heap corruption attempt
RuleID : 34402 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Calendar object heap corruption attempt
RuleID : 34401 - Type : OS-WINDOWS - Revision : 2

Nessus® Vulnerability Scanner

Date Description
2015-11-10 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms15-118.nasl - Type: ACT_GATHER_INFO
2015-09-08 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms15-101.nasl - Type: ACT_GATHER_INFO
2015-08-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-080.nasl - Type: ACT_GATHER_INFO
2015-08-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-080.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms15-048.nasl - Type: ACT_GATHER_INFO
2015-04-14 Name: The version of the Microsoft .NET Framework installed on the remote host is a...
File: smb_nt_ms15-041.nasl - Type: ACT_GATHER_INFO
2014-11-12 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-072.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-057.nasl - Type: ACT_GATHER_INFO
2014-09-10 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-053.nasl - Type: ACT_GATHER_INFO
2014-05-14 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-026.nasl - Type: ACT_GATHER_INFO
2014-02-12 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-009.nasl - Type: ACT_GATHER_INFO