Vulnerability Name: | CVE-2014-1806 (CCN-92842) | ||||||||
Assigned: | 2014-05-13 | ||||||||
Published: | 2014-05-13 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability." | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-94 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2014-1806 Source: CCN Type: Microsoft Security Bulletin MS14-026 Vulnerability in .NET could allow Remote Code Execution Source: CCN Type: Microsoft Security Bulletin MS14-072 Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210) Source: BID Type: VDB Entry 67286 Source: CCN Type: BID-67286 Microsoft .NET Framework TypeFilterLevel CVE-2014-1806 Remote Privilege Escalation Vulnerability Source: MS Type: UNKNOWN MS14-026 Source: XF Type: UNKNOWN ms-dotnet-cve20141806-priv-esc(92842) Source: CCN Type: Packet Storm Security [11-19-2014] ExploitRemotingService .NET Tool Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [11-17-2014] | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |