Ask a question to Desklib · AI bot
NET Framework and Vulnerabilities Assignment
Added on -2019-09-20
| 4 pages
| 979 words
| 271 views
Trusted by 2+ million users,
1000+ happy students everyday
ContentsExecutive Summary...................................................................................................................1Technical Description................................................................................................................1Exploitation Description.........................................................................................................1Attack Vectors........................................................................................................................1Mitigation...............................................................................................................................2Exploitation Scenario.............................................................................................................2Remediation............................................................................................................................2
Executive Summary.NET framework is an integrated application that provides an abundant set of abilities andfeatures to the developers. The following application can be developed, executed, anddeployed using the framework. Windows Presentation Foundation (WPF) applications Windows ServicesWindows Forms applications Web servicesConsole Applications Web applications (ASP.NET applications) SOA (Service-oriented Applications)Workflow-enabled applicationsThe developers can also utilize the framework in the development of sharable components.These components and objects can then be applied and utilized is cloud or distributedcomputing environment. Object oriented model is supported by the .NET Framework and theapplications can be developed in varied set of languages, such as C#, C++, Visual Basic, etc.the interoperability and robustness of the language is maintained and promoted by theframework [1] . This gives the ability to the developers to write code once and utilize itmultiple times. Elevation of privilege is one of the vulnerabilities that are present in the .NET framework. Itwas identified win August, 2015 and has been assigned with a severity 9. Technical DescriptionExploitation DescriptionThe particular version of Microsoft .NET Framework that is installed on the remote hosts isimpacted by multiple elevations of privilege vulnerabilities. The primary cause behind thesame is that RyuJIT compiler [3] does not adequately optimize a few parameters that lead tocode generation error [2]. A remote user can give shape to the attack by convincing a user toexecute an infected application that will exploit the vulnerabilities and the control of theinfected system will be provided to the attacker. The successful execution of the attack mayalso bring up the impacts on the availability and continuity of the services which mayeventually cause service breakdown. There may be denial of service like situation that maycome up as well. There will be no forcing or pressurizing involved at the part of the attacker.The user would be required to be convinced to execute the malicious application in all thecases. Attack Vectors An attacker would host a specially developed .NET application and place it on a website,a social media site or someplace else.Attacker infects a file that could be an image, a word document, an executable file, adatabase file, a programming file or something else.The attacker then targets his or her victims via mass distribution methods such as spamemails, web-games, and infected websites and so on.Or else with the help of social engineering tactics or via mass distribution methodsdistributes these infected files to victims.
Found this document preview useful?
You are reading a preview
Upload your documents to download
or
Become a Desklib member to get accesss
Paid Plans
Free Plan
Single Unlock
Monthly Plan
Yearly Plan