MS KB2905247: Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege

high Nessus Plugin ID 71323

Synopsis

The .NET Framework installed on the remote Windows host is affected by a privilege escalation vulnerability.

Description

The version of the .NET Framework installed on the remote Windows host is affected by a privilege escalation vulnerability that allows a remote attacker to inject and execute arbitrary code in the context of the service account for the ASP.NET server.

This advisory was re-released on September 9, 2014 to offer the security update via Microsoft Update, and to address an issue that occasionally caused 'Page.IsPostBack' to return an incorrect value in some of the affected software.

Solution

Microsoft has released a set of patches for .NET Framework 1.1, 2.0, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2905247

Plugin Details

Severity: High

ID: 71323

File Name: smb_kb2905247.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 12/11/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 12/10/2013

Vulnerability Publication Date: 12/10/2013

Reference Information

MSKB: 2905247