CVE-2014-4062

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
microsoft.net_framework
1.1:sp1
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/69145
http://www.securitytracker.com/id/1030721
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-046
http://www.securityfocus.com/bid/69145
http://www.securitytracker.com/id/1030721
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-046