CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 - Remote Code Execution via Type Traversal


Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-0257. PoCs published by Metasploit, James Forshaw, juan vazquez, including Metasploit module exploits/windows/local/ms14_009_ie_dfsvc.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2014-0257, a .NET Deployment Service vulnerability in Internet Explorer's Enhanced Protected Mode, allowing sandbox escape and execution of arbitrary code with Medium Integrity. It checks for vulnerable .NET versions (4.5 or 4.5.1) and leverages a DLL payload to achieve exploitation.

Description

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/33892

This Metasploit module exploits CVE-2014-0257, a .NET Deployment Service vulnerability in Internet Explorer's Enhanced Protected Mode, allowing sandbox escape and execution of arbitrary code with Medium Integrity. It checks for vulnerable .NET versions (4.5 or 4.5.1) and leverages a DLL payload to achieve exploitation.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft .NET Framework 4.5, 4.5.1 (dfsvc.exe)
No auth needed
Prerequisites: Internet Explorer process running in Enhanced Protected Mode · Vulnerable .NET Framework version (4.5 or 4.5.1)
devstral-2 · analyzed Feb 18, 2026
metasploit WORKING POC GREAT
by James Forshaw, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb

This Metasploit module exploits CVE-2014-0257, a sandbox escape vulnerability in Internet Explorer's .NET Deployment Service (dfsvc.exe), allowing code execution at Medium Integrity from Low Integrity. It checks for vulnerable .NET versions, loads a malicious DLL, and executes a PowerShell payload.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Internet Explorer 8-11 with .NET Framework 4.5 or 4.5.1
No auth needed
Prerequisites: Target running vulnerable .NET Framework version · Execution within an Internet Explorer process at Low Integrity
devstral-2 · analyzed Feb 19, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029745
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33892
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65417
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/103163
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56793

Scores

EPSS 0.6980
EPSS Percentile 99.3%

Details

CWE: CWE-20
Status: published
Products (8)
microsoft/.net_framework 1.0 sp3
microsoft/.net_framework 1.1 sp1
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.0
microsoft/.net_framework 4.5
microsoft/.net_framework 4.5.1
Published Feb 12, 2014
Tracked Since Feb 18, 2026