logo

NET Framework and Vulnerabilities Assignment

4 Pages979 Words271 Views
   

Added on  2019-09-20

NET Framework and Vulnerabilities Assignment

   Added on 2019-09-20

ShareRelated Documents
ContentsExecutive Summary...................................................................................................................1Technical Description................................................................................................................1Exploitation Description.........................................................................................................1Attack Vectors........................................................................................................................1Mitigation...............................................................................................................................2Exploitation Scenario.............................................................................................................2Remediation............................................................................................................................2
NET Framework and Vulnerabilities Assignment_1
Executive Summary.NET framework is an integrated application that provides an abundant set of abilities andfeatures to the developers. The following application can be developed, executed, anddeployed using the framework. Windows Presentation Foundation (WPF) applications Windows ServicesWindows Forms applications Web servicesConsole Applications Web applications (ASP.NET applications) SOA (Service-oriented Applications)Workflow-enabled applicationsThe developers can also utilize the framework in the development of sharable components.These components and objects can then be applied and utilized is cloud or distributedcomputing environment. Object oriented model is supported by the .NET Framework and theapplications can be developed in varied set of languages, such as C#, C++, Visual Basic, etc.the interoperability and robustness of the language is maintained and promoted by theframework [1] . This gives the ability to the developers to write code once and utilize itmultiple times. Elevation of privilege is one of the vulnerabilities that are present in the .NET framework. Itwas identified win August, 2015 and has been assigned with a severity 9. Technical DescriptionExploitation DescriptionThe particular version of Microsoft .NET Framework that is installed on the remote hosts isimpacted by multiple elevations of privilege vulnerabilities. The primary cause behind thesame is that RyuJIT compiler [3] does not adequately optimize a few parameters that lead tocode generation error [2]. A remote user can give shape to the attack by convincing a user toexecute an infected application that will exploit the vulnerabilities and the control of theinfected system will be provided to the attacker. The successful execution of the attack mayalso bring up the impacts on the availability and continuity of the services which mayeventually cause service breakdown. There may be denial of service like situation that maycome up as well. There will be no forcing or pressurizing involved at the part of the attacker.The user would be required to be convinced to execute the malicious application in all thecases. Attack Vectors An attacker would host a specially developed .NET application and place it on a website,a social media site or someplace else.Attacker infects a file that could be an image, a word document, an executable file, adatabase file, a programming file or something else.The attacker then targets his or her victims via mass distribution methods such as spamemails, web-games, and infected websites and so on.Or else with the help of social engineering tactics or via mass distribution methodsdistributes these infected files to victims.
NET Framework and Vulnerabilities Assignment_2

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Windows RPC Vulnerability CVE-2008-4250: Technical Description, Attack Vectors, and Mitigation
|5
|927
|426

Microsoft Data Access Components Vulnerability Report
|5
|801
|430

Microsoft Data Access Components (MDAC) Vulnerability Report
|4
|1091
|417

CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS
|12
|794
|21

The Shellshock Vulnerability- Doc
|7
|1825
|99

TRANSCRIPT Slide 2: There are a few limited mitigation
|2
|443
|57