Microsoft .NET Framework ‘iriParsing’ Remote Code Execution Vulnerabilities

Summary

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ‘.NET Framework Remote Code Execution Vulnerability.’

Credit:

Details

Vulnerable Systems:
 * Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2

Immune Systems:
 * Microsoft .NET Framework after 4.5.2

Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.

CVE Information:
CVE-2014-4121

Disclosure Timeline:
Original release date: 10/15/2014
Last revised: 10/31/2014

Categories: Windows