1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

MS14-057 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution...

Discussion in 'Security Updates' started by Microsoft Security, Oct 14, 2014.

  1. Microsoft Security

    Microsoft Security Guest

    Severity Rating: Critical
    Revision Note: V1.0 (October 14, 2014): Bulletin published.
    Summary: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application, causing ASP.NET to generate incorrectly constructed URIs. In .NET 4.0 applications, the vulnerable functionality (iriParsing) is disabled by default; for the vulnerability to be exploitable an application has to explicitly enable this functionality. In .NET 4.5 applications, iriParsing is enabled by default and cannot be disabled.

    View the full article
     
    Microsoft Security, Oct 14, 2014
    #1

Share This Page