Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	APP:MSDOTNET-CVE-2014-1806
Severity	Major
Recommended	No
Recommended Action	Drop
Category	APP
Keywords	Microsoft .NET Framework CVE-2014-1806 Arbitrary Code Execution
Release Date	2014/05/13
Update Number	2373
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Microsoft .NET Framework CVE-2014-1806 Arbitrary Code Execution

This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. A successful attack can allow a remote attacker to call arbitrary methods, leading to arbitrary code execution.

Extended Description

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

Affected Products

Microsoft .net_framework 1.1
Microsoft .net_framework 2.0
Microsoft .net_framework 3.5
Microsoft .net_framework 3.5.1
Microsoft .net_framework 4.0
Microsoft .net_framework 4.5
Microsoft .net_framework 4.5.1

References

CVE: CVE-2014-1806

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Microsoft .NET Framework CVE-2014-1806 Arbitrary Code Execution

Extended Description

Affected Products

References