Vulnerability Description
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | .Net Framework | 1.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/67286VDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-02
- http://www.securityfocus.com/bid/67286VDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-02
FAQ
What is CVE-2014-1806?
CVE-2014-1806 is a vulnerability with a CVSS score of 10.0 (HIGH). The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrar...
How severe is CVE-2014-1806?
CVE-2014-1806 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1806?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework.