CVE-2015-6115

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2, 3.5, and 3.5.1

Description A security feature bypass exists in a .NET Framework component that does not properly implement the Address Space Layout Randomization (ASLR) security feature. This bypass could allow an attacker to load additional malicious code in an attempt to exploit another vulnerability. The ASLR bypass by itself does not allow arbitrary code execution, but it could be used in conjunction with another vulnerability to run arbitrary code. The issue can be exploited via a crafted web site.

Recommendations For Microsoft .NET Framework versions 2.0 SP2, 3.5, and 3.5.1, consider applying security updates or patches that properly implement the ASLR security feature to prevent bypassing of this protection mechanism. At the moment, there is no information about a newer version that contains a fix for this vulnerability.