(MS14-004) Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

  Severity: HIGH
  CVE Identifier: CVE-2014-0261
  Advisory Date: JAN 16, 2014

  DESCRIPTION

This security update resolves one privately reported vulnerability in Microsoft Dynamics AX. The vulnerability could allow denial of service if an authenticated attacker submits specially crafted data to an affected Microsoft Dynamics AX Application Object Server (AOS) instance. An attacker who successfully exploited this vulnerability could cause the target AOS instance to stop responding to client requests.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Dynamics AX 4.0 Service Pack 2[
  • Microsoft Dynamics AX 2009 Service Pack 1
  • Microsoft Dynamics AX 2012
  • Microsoft Dynamics AX 2012 R2