CVE-2014-4122

{"id": "CVE-2014-4122", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-10-15T10:55:07.990", "references": [{"url": "http://secunia.com/advisories/60969", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/70312", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1031021", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/60969", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70312", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031021", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka \".NET ASLR Vulnerability.\""}, {"lang": "es", "value": "Microsoft .NET Framework 2.0 SP2, 3.5, y 3.5.1 omite el mecanismo de protecci\u00f3n ASLR, lo que permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible sobre las direcciones de la memoria mediante el aprovechamiento de la previsibilidad de la localizaci\u00f3n de un imagen ejecutable, tambi\u00e9n conocido como 'vulnerabilidad .NET ASLR.'"}], "lastModified": "2024-11-21T02:09:32.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688"}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}