.NET Elevation of Privilege Vulnerability

.NET Elevation of Privilege Vulnerability

CVE-2015-2504 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

Learn more about our Web Application Penetration Testing UK.