ms14-057

About this tag
MS14-057 is a critical security bulletin from Microsoft, released on October 14, 2014, addressing three privately reported vulnerabilities in the .NET Framework. The most severe vulnerability could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application, causing ASP.NET to generate incorrectly constructed URIs. In .NET 4.0 applications, the vulnerable functionality (iriParsing) is disabled by default, requiring explicit enabling for exploitation. In .NET 4.5 applications, iriParsing is enabled by default. This update is rated Critical and applies to affected versions of the .NET Framework.
  1. News

    MS14-057 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution...

    Severity Rating: Critical Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a...
Back
Top