Description
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."
Exploits (1)
exploitdb
WORKING POC
by James Forshaw · textremotewindows
https://www.exploit-db.com/exploits/35280
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026
VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67286
Scores
EPSS
0.2675
EPSS Percentile
96.4%
Details
CWE
CWE-94
Status
published
Products (7)
microsoft/.net_framework
1.1 sp1
microsoft/.net_framework
2.0 sp2
microsoft/.net_framework
3.5
microsoft/.net_framework
3.5.1
microsoft/.net_framework
4.0
microsoft/.net_framework
4.5
microsoft/.net_framework
4.5.1
Published
May 14, 2014
Tracked Since
Feb 18, 2026