CVE-2014-0295 Information

Description

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism which makes it easier for remote attackers to execute arbitrary code via a crafted web site as exploited in the wild in February 2014 aka \VSAVB7RT ASLR Vulnerability.\

Reference

http://osvdb.org/103164 http://secunia.com/advisories/56793 http://www.greyhathacker.net/?p=585 http://www.securityfocus.com/bid/65418 http://www.securitytracker.com/id/1029745 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009