CVE-2014-1806

Microsoft .NET Framework <4.5.2 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1806. PoCs published by James Forshaw.

AI-analyzed exploit summary This is a .NET Remoting Service exploit tool targeting CVE-2014-1806 and CVE-2014-4149, allowing remote command execution, file transfer, and directory listing on vulnerable Windows systems. It supports both TCP and IPC channels with various options for authentication and serialization methods.

Description

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

Exploits (1)

exploitdb WORKING POC
by James Forshaw · textremotewindows
https://www.exploit-db.com/exploits/35280

This is a .NET Remoting Service exploit tool targeting CVE-2014-1806 and CVE-2014-4149, allowing remote command execution, file transfer, and directory listing on vulnerable Windows systems. It supports both TCP and IPC channels with various options for authentication and serialization methods.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: .NET Remoting Services (versions 2 and 4)
No auth needed
Prerequisites: Knowledge of the .NET Remoting service name and port/pipe name · Network access to the target service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67286

Scores

EPSS 0.3959
EPSS Percentile 98.4%

Details

CWE
CWE-94
Status published
Products (7)
microsoft/.net_framework 1.1 sp1
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.0
microsoft/.net_framework 4.5
microsoft/.net_framework 4.5.1
Published May 14, 2014
Tracked Since Feb 18, 2026