CVE-2014-4149
Microsoft .NET Framework Remote Code Execution via .NET Remoting Endpoint
Title source: llmDescription
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031188
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-072
Vendor Advisory x_refsource_confirm
http://blogs.technet.com/b/srd/archive/2014/11/11/ms14-072-net-remoting-elevation-of-privilege-vulnerability.aspx
Scores
EPSS
0.2144
EPSS Percentile
97.3%
Details
CWE
CWE-20
Status
published
Products (8)
microsoft/.net_framework
1.1 sp1
microsoft/.net_framework
2.0 sp2
microsoft/.net_framework
3.5
microsoft/.net_framework
3.5.1
microsoft/.net_framework
4.0
microsoft/.net_framework
4.5
microsoft/.net_framework
4.5.1
microsoft/.net_framework
4.5.2
Published
Nov 11, 2014
Tracked Since
Feb 18, 2026