Detections
Analytics

MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)

high Nessus Plugin ID 85847

Language:

Synopsis

The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Microsoft .NET Framework :

 - An elevation of privilege vulnerability exists due to improper validation of the number of objects in memory before they are copied into an array. A remote, unauthenticated attacker can exploit this to bypass Code Access Security (CAS) restrictions by convincing a user to run an untrusted .NET application or to visit a website containing a malicious XAML browser application.
 (CVE-2015-2504)

 - A denial of service vulnerability exists due to improper handling of specially crafted requests to an ASP .NET server. A remote, unauthenticated attacker can exploit this to degrade performance. (CVE-2015-2526)

Solution

Microsoft has released a set of patches for .NET Framework 2.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6.

See Also

https://www.nessus.org/u?682179a8

Plugin Details

Severity: High

ID: 85847

File Name: smb_nt_ms15-101.nasl

Version: 1.12

Type: local

Agent: windows

Published: 9/8/2015

Updated: 5/15/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/8/2015

Vulnerability Publication Date: 9/8/2015

Reference Information

CVE: CVE-2015-2504, CVE-2015-2526

BID: 76560, 76567