CVE-2014-4149

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

History

21 Nov 2024, 02:09

Type Values Removed Values Added
References () http://blogs.technet.com/b/srd/archive/2014/11/11/ms14-072-net-remoting-elevation-of-privilege-vulnerability.aspx - Vendor Advisory () http://blogs.technet.com/b/srd/archive/2014/11/11/ms14-072-net-remoting-elevation-of-privilege-vulnerability.aspx - Vendor Advisory
References () http://www.securitytracker.com/id/1031188 - () http://www.securitytracker.com/id/1031188 -
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-072 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-072 -

Information

Published : 2014-11-11 22:55

Updated : 2024-11-21 02:09


NVD link : CVE-2014-4149

Mitre link : CVE-2014-4149

CVE.ORG link : CVE-2014-4149


JSON object : View

Products Affected

microsoft

  • .net_framework
CWE
CWE-20

Improper Input Validation