Back to KEVs

CVE-2014-0295

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 03, 2013
Published Date
February 12, 2014
Last Updated
August 06, 2024
Vendor
Microsoft
Product
.NET Framework
Description
VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."
Tags
dotnet

CVSS Scores

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploit Status

Exploited in the Wild
Yes (2014-02-12 02:00:00 UTC) Source

References

http://www.securitytracker.com/id/1029745 http://osvdb.org/103164 http://www.securityfocus.com/bid/65418 http://www.greyhathacker.net/?p=585 http://secunia.com/advisories/56793 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009

Known Exploited Vulnerability Information

Source Added Date
CVE 2014-02-12 02:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel