CyberSec.Space Logo
Back to CVE Browser

CVE-2014-1806

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile18.62th
PublishedMay 14, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

.net Framework

= 1.1
πŸ“¦
Microsoft

.net Framework

= 2.0
πŸ“¦
Microsoft

.net Framework

= 3.5
πŸ“¦
Microsoft

.net Framework

= 3.5.1
πŸ“¦
Microsoft

.net Framework

= 4.0
πŸ“¦
Microsoft

.net Framework

= 4.5
πŸ“¦
Microsoft

.net Framework

= 4.5.1

References & Advisories

πŸ”— http://www.securityfocus.com/bid/67286
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026
πŸ”— http://www.securityfocus.com/bid/67286
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026

Related Vulnerabilities

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...