CVE-2014-4149

Microsoft .NET Framework Remote Code Execution via .NET Remoting Endpoint

Title source: llm
STIX 2.1

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031188

Scores

EPSS 0.2144
EPSS Percentile 97.3%

Details

CWE
CWE-20
Status published
Products (8)
microsoft/.net_framework 1.1 sp1
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.0
microsoft/.net_framework 4.5
microsoft/.net_framework 4.5.1
microsoft/.net_framework 4.5.2
Published Nov 11, 2014
Tracked Since Feb 18, 2026