返回 CVE 浏览器

CVE-2014-4121

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1000%

EPSS Percentile41.19th

Published2014年10月15日

Last Modified2026年5月6日

Vulnerability Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

.net Framework

= 2.0

📦

Microsoft

.net Framework

= 3.5

📦

Microsoft

.net Framework

= 3.5.1

📦

Microsoft

.net Framework

= 4.0

📦

Microsoft

.net Framework

= 4.5

📦

Microsoft

.net Framework

= 4.5.1

📦

Microsoft

.net Framework

= 4.5.2

References & Advisories

🔗 http://secunia.com/advisories/60969

🔗 http://www.securityfocus.com/bid/70351

🔗 http://www.securitytracker.com/id/1031021

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057

🔗 http://secunia.com/advisories/60969

🔗 http://www.securityfocus.com/bid/70351

🔗 http://www.securitytracker.com/id/1031021

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057

相关漏洞威胁

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...