Microsoft » .net Framework : Security Vulnerabilities, CVEs, Published In 2014 (Code Execution) CVSS score >= 6
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
Max CVSS
9.3
EPSS Score
38.05%
Published
2014-11-11
Updated
2018-10-12
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."
Max CVSS
10.0
EPSS Score
92.62%
Published
2014-10-15
Updated
2018-10-12
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."
Max CVSS
10.0
EPSS Score
38.56%
Published
2014-05-14
Updated
2018-10-12
CVE-2014-0257
Public exploit
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
Max CVSS
9.3
EPSS Score
71.40%
Published
2014-02-12
Updated
2018-10-12
4 vulnerabilities found