CVE-2014-0261

Name of the Vulnerable Software and Affected Versions Microsoft Dynamics AX versions 4.0 SP2, 2009 SP1, 2012, and 2012 R2

Description The issue is related to the improper handling of specially crafted messages in the AOS format, leading to a denial of service (instance outage). This can be caused by remote authenticated users sending crafted data to an Application Object Server (AOS) instance.

Recommendations For Microsoft Dynamics AX versions 4.0 SP2, 2009 SP1, 2012, and 2012 R2, consider restricting access to the AOS instance to minimize the risk of exploitation. As a temporary workaround, consider implementing additional validation for incoming data to the AOS instance until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.