CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-1806

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile18.62th
Published2014年5月14日
Last Modified2026年5月6日

Vulnerability Description

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

.net Framework

= 1.1
📦
Microsoft

.net Framework

= 2.0
📦
Microsoft

.net Framework

= 3.5
📦
Microsoft

.net Framework

= 3.5.1
📦
Microsoft

.net Framework

= 4.0
📦
Microsoft

.net Framework

= 4.5
📦
Microsoft

.net Framework

= 4.5.1

References & Advisories

🔗 http://www.securityfocus.com/bid/67286
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026
🔗 http://www.securityfocus.com/bid/67286
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026

相關漏洞威脅

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...