CyberSec.Space Logo
Back to CVE Browser

CVE-2014-4121

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile41.19th
PublishedOct 15, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

.net Framework

= 2.0
πŸ“¦
Microsoft

.net Framework

= 3.5
πŸ“¦
Microsoft

.net Framework

= 3.5.1
πŸ“¦
Microsoft

.net Framework

= 4.0
πŸ“¦
Microsoft

.net Framework

= 4.5
πŸ“¦
Microsoft

.net Framework

= 4.5.1
πŸ“¦
Microsoft

.net Framework

= 4.5.2

References & Advisories

πŸ”— http://secunia.com/advisories/60969
πŸ”— http://www.securityfocus.com/bid/70351
πŸ”— http://www.securitytracker.com/id/1031021
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057
πŸ”— http://secunia.com/advisories/60969
πŸ”— http://www.securityfocus.com/bid/70351
πŸ”— http://www.securitytracker.com/id/1031021
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057

Related Vulnerabilities

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...