Detections
Analytics
MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
medium Nessus Plugin ID 86825
Language:
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities :- An information disclosure vulnerability exists in the .NET Framework due to improper DTD parsing of crafted XML files. An unauthenticated, remote attacker can exploit this, via a malicious application file, to gain read access to the local files on the system.
(CVE-2015-6096)
- A cross-site scripting vulnerability exists in ASP.NET due to improper validation of values in HTTP requests.
An unauthenticated, remote attacker can exploit this to inject arbitrary script into the user's browser session.
(CVE-2015-6099)
- A security feature bypass vulnerability exists in the .NET Framework due to improper implementation of the Address Space Layout Randomization (ASLR) feature. An unauthenticated, remote attacker can exploit this, via crafted website content, to predict memory offsets in a call stack. (CVE-2015-6115)
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2, and 4.6.See Also
Plugin Details
Severity: Medium
ID: 86825
File Name: smb_nt_ms15-118.nasl
Version: 1.12
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 11/10/2015
Updated: 5/15/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:.net_framework
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/10/2015
Vulnerability Publication Date: 11/10/2015