You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
ms14-057
About this tag
MS14-057 is a critical security bulletin from Microsoft, released on October 14, 2014, addressing three privately reported vulnerabilities in the .NET Framework. The most severe vulnerability could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application, causing ASP.NET to generate incorrectly constructed URIs. In .NET 4.0 applications, the vulnerable functionality (iriParsing) is disabled by default, requiring explicit enabling for exploitation. In .NET 4.5 applications, iriParsing is enabled by default. This update is rated Critical and applies to affected versions of the .NET Framework.
Severity Rating: Critical
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a...