Title

Multiple Remote Code Execution Vulnerabilities in Microsoft .NET Framework (Cat I impact)

Discussion

Microsoft has released a security bulletin addressing multiple remote code execution vulnerabilities in the .NET Framework. The Microsoft .NET Framework is a component of the Microsoft Windows operating system that enables building and running software applications and Web services. To exploit these vulnerabilities, an attacker would create a malicious website containing XBAP (XAML browser application) or execute remote code on a server system running IIS, if that server allows processing ASP.NET pages. If successfully exploited, an attacker would gain the ability to execute arbitrary code over the compromised system.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-34955

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.