MS.NET.Framework.Remote.Code.Execution.Vulnerability.MS14-057

Description

The .NET Framework is a software development framework developed by Microsoft.
The most severe of the vulnerabilities addressed by MS14-057 could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application. In .NET 4.0 and below applications, the vulnerable functionality (iriParsing) is disabled by default; for the vulnerability to be exploitable, an application has to explicitly enable this functionality. In .NET 4.5 applications, iriParsing is enabled by default and cannot be disabled.
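
As an added example (not part of the original advisory or of Microsoft's bulletin), the Python sketch below audits .NET configuration files for an explicit iriParsing opt-in, which is the condition the description gives for .NET 4.0 and below. The function names, the list of config file names and the sample document are assumptions made for this example; .NET 4.5 applications are outside this check because iriParsing is on by default there.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: a .NET 4.0 web.config that opts in to IRI parsing.
SAMPLE_ENABLED = b"""<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <uri>
    <iriParsing enabled="true" />
  </uri>
</configuration>"""

def _local(tag):
    # Drop an "{namespace}" prefix so configs that declare an xmlns still match.
    return tag.rsplit("}", 1)[-1]

def iri_parsing_state(config_xml):
    """Return "enabled", "disabled", "not-set" or "unparseable"."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return "unparseable"  # flag for manual review, do not assume safe
    if _local(root.tag) != "configuration":
        return "not-set"
    for section in root:
        if _local(section.tag) != "uri":
            continue
        for child in section:
            if _local(child.tag) == "iriParsing":
                value = (child.get("enabled") or "").strip().lower()
                return "enabled" if value == "true" else "disabled"
    return "not-set"  # .NET 4.0 and below: off unless explicitly enabled

def audit_tree(top):
    """List config files under `top` that enable iriParsing or fail to parse."""
    names = ("web.config", "app.config", "machine.config")  # assumed file set
    findings = []
    for folder, _dirs, files in os.walk(top):
        for name in files:
            lower = name.lower()
            if lower in names or lower.endswith(".exe.config"):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:  # bytes: parser honours BOM/encoding
                    state = iri_parsing_state(fh.read())
                if state in ("enabled", "unparseable"):
                    findings.append((path, state))
    return sorted(findings)

if __name__ == "__main__":
    print(iri_parsing_state(SAMPLE_ENABLED))
```

Files reported as "enabled" identify applications to prioritize for the MS14-057 update; "unparseable" files need a manual look.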

Affected Products

Windows Vista SP2
Windows 7 SP1
Windows 8 and Windows 8.1
Windows Server 2003 SP2
Windows Server 2008 SP2
Windows Server 2008 R2 SP1
Windows Server 2012 and Windows Server 2012 R2

Impact

The vulnerable system could allow a remote attacker to retrieve content or modify application settings on the system, creating a risk of denial of service, exposure of sensitive information, or arbitrary code execution.

Recommended Actions

Please download and apply patches as instructed in https://technet.microsoft.com/library/security/ms14-057.

Coverage

IPS (Regular DB)
IPS (Extended DB)