CVE-2014-0295

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2 through 3.5.1

Description A security feature bypass exists in a .NET Framework component that does not properly implement Address Space Layout Randomization (ASLR). The issue allows an attacker to bypass the ASLR security feature, after which the attacker could load additional malicious code in the process in an attempt to exploit another vulnerability. This vulnerability has been exploited in the wild, with instances reported in February 2014.

Recommendations For Microsoft .NET Framework versions 2.0 SP2 through 3.5.1, consider disabling the VsaVb7rt.dll component as a temporary workaround until a patch is available. Restrict access to potentially vulnerable API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.