Vulnerability Details : CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
Vulnerability category: Input validationExecute code
Published 2014-02-12 04:50:40
Updated 2018-10-12 22:05:29
View at NVD,
At least one public exploit which can be used to exploit this vulnerability exists!

Exploit prediction scoring system (EPSS) score for CVE-2014-0257

Probability of exploitation activity in the next 30 days: 59.80%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2014-0257

  • MS14-009 .NET Deployment Service IE Sandbox Escape
    Disclosure Date : 2014-02-11
    This module abuses a process creation policy in Internet Explorer's sandbox, specifically in the .NET Deployment Service (dfsvc.exe), which allows the attacker to escape the Enhanced Protected Mode, and execute code with Medium Integrity. Authors: - James Forshaw - juan vazquez <[email protected]>

CVSS scores for CVE-2014-0257

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
[email protected]

CWE ids for CVE-2014-0257

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: [email protected] (Primary)

References for CVE-2014-0257

Products affected by CVE-2014-0257

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to terms of use!