Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://blogs.technet.com/b/srd/archive/2014/11/11/ms14-072-net-remoting-elevation-of-privilege-vulnerability.aspx - Vendor Advisory | |
References | () http://www.securitytracker.com/id/1031188 - | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-072 - |
Information
Published : 2014-11-11 22:55
Updated : 2024-11-21 02:09
NVD link : CVE-2014-4149
Mitre link : CVE-2014-4149
CVE.ORG link : CVE-2014-4149
JSON object : View
Products Affected
microsoft
- .net_framework
CWE
CWE-20
Improper Input Validation