CVE-2014-1806

EUVD-2014-1880
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
1.1:sp1
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5.1
microsoft.net_framework
4.0
microsoft.net_framework
4.5
microsoft.net_framework
4.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/67286
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026
http://www.securityfocus.com/bid/67286
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026