Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1806

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-1806
Last Modified 21 Jun 2014 12:39:54
Published 14 May 2014 07:13:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1806

Summary

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

Vulnerable Systems

Application

  • Microsoft .net Framework 1.1

  • Microsoft .net Framework 2.0

  • Microsoft .net Framework 3.5

  • Microsoft .net Framework 3.5.1

  • Microsoft .net Framework 4.0

  • Microsoft .net Framework 4.5

  • Microsoft .net Framework 4.5.1


References

MS - MS14-026

BID - 67286


Last Updated: 27 May 2016 11:05:15