Short Name |
HTTP:MS-DOT-NET-XAML-RCE1 |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Microsoft .NET Framework XAML Browser Applications Stack Corruption1 |
Release Date |
2015/10/07 |
Update Number |
2543 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. It is due to memory corruption when handling method calls that take structures with misaligned fields as parameters. Remote attackers could exploit this vulnerability by either enticing target users to visit a malicious web page containing an XBAP (XAML browser application), or by uploading an ASP.NET application to a vulnerable server. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt may terminate the PresentationHost.exe .NET component.