MS14-004: Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

medium Nessus Plugin ID 71944

Synopsis

A web application on the remote host has a denial of service vulnerability.

Description

The version of Microsoft Dynamics AX installed on the remote host has a denial of service vulnerability in the Application Object Server instance. By exploiting this flaw, a remote, authenticated attacker could crash the affected service.

Solution

Microsoft has released a set of patches for Dynamics AX 4.0, Dynamics AX 2009, Dynamics AX 2012, and Dynamics AX 2012 R2.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-004

Plugin Details

Severity: Medium

ID: 71944

File Name: smb_nt_ms14-004.nasl

Version: 1.8

Type: local

Agent: windows

Published: 1/14/2014

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:microsoft:dynamics_ax

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 1/14/2014

Vulnerability Publication Date: 1/14/2014

Reference Information

CVE: CVE-2014-0261

BID: 64724

IAVB: 2014-B-0005

MSFT: MS14-004

MSKB: 2914055, 2914057, 2914058, 2920510