CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-1806

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile18.62th
Published2014年5月14日
Last Modified2026年5月6日

Vulnerability Description

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

.net Framework

= 1.1
📦
Microsoft

.net Framework

= 2.0
📦
Microsoft

.net Framework

= 3.5
📦
Microsoft

.net Framework

= 3.5.1
📦
Microsoft

.net Framework

= 4.0
📦
Microsoft

.net Framework

= 4.5
📦
Microsoft

.net Framework

= 4.5.1

References & Advisories

🔗 http://www.securityfocus.com/bid/67286
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026
🔗 http://www.securityfocus.com/bid/67286
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026

関連する脆弱性情報

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...