Home / bulletins MS14-057 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) - Version: 1.0
Posted on 15 October 2014
There is an newer version: MS14-057 - Version: 1.1
CriticalSeverity Rating: Critical
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application, causing ASP.NET to generate incorrectly constructed URIs. In .NET 4.0 applications, the vulnerable functionality (iriParsing) is disabled by default; for the vulnerability to be exploitable an application has to explicitly enable this functionality. In .NET 4.5 applications, iriParsing is enabled by default and cannot be disabled.Other versions
- MS14-057 - Version: 1.0
- MS14-057 - Version: 1.1
