Kaspersky LabKLA10614KLA10614 Code injection vulnerability in Microsoft ASP.NET MVC
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
AI Score
Confidence
High
0.127 Low
EPSS
Percentile
95.5%
XSS vulnerability was found in ASP.NET MVC. By exploiting this vulnerability malicious users can inject arbitrary script. This vulnerability can be exploited remotely via a specially designed web page.
Original advisories
Related products
CVE list
CVE-2014-4075 warning
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- CI
Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.
Affected Products
- Microsoft ASP.NET NVC versions 2.0, 3.0, 4.0, 5.0 and 5.1
References
support.microsoft.com/kb/2990942
support.microsoft.com/kb/2992080
support.microsoft.com/kb/2993928
support.microsoft.com/kb/2993937
support.microsoft.com/kb/2993939
support.microsoft.com/kb/2994397
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4075
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-ASP.NET-MVC/
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
AI Score
Confidence
High
0.127 Low
EPSS
Percentile
95.5%