Summary
This host is missing an important security update according to Microsoft advisory (2905247).
Impact
Successful exploitation will allow remote attackers to use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory: https://technet.microsoft.com/en-us/security/advisory/2905247
Insight
The flaw exists in ASP.NET view state handling when Machine Authentication Code (MAC) validation is disabled through configuration settings.
Affected
Microsoft .NET Framework versions 1.1, 2.0, 3.5, 3.5.1, 4.0, 4.5 and 4.5.1
Detection
Get the vulnerable file version and check whether the appropriate patch is applied.
Severity
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C