Vulnerability Name: | CVE-2014-4149 (CCN-98367)
Assigned: | 2014-11-11
Published: | 2014-11-11
Updated: | 2018-10-12
Summary: | Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| 5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Gain Privileges
References: |
| Source: CONFIRM Type: Vendor Advisory http://blogs.technet.com/b/srd/archive/2014/11/11/ms14-072-net-remoting-elevation-of-privilege-vulnerability.aspx
| Source: MITRE Type: CNA CVE-2014-4149
| Source: CCN Type: Microsoft Security Bulletin MS14-072 Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
| Source: CCN Type: BID-70979 Microsoft .NET Framework CVE-2014-4149 Remote Privilege Escalation Vulnerability
| Source: SECTRACK Type: UNKNOWN 1031188
| Source: MS Type: UNKNOWN MS14-072
| Source: XF Type: UNKNOWN ms-dotnet-cve20144149-priv-esc(98367)
| Source: CCN Type: Packet Storm Security [11-19-2014] ExploitRemotingService .NET Tool
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable