Short Name |
APP:MSDOTNET-CVE-2014-1806 |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Microsoft .NET Framework CVE-2014-1806 Arbitrary Code Execution |
Release Date |
2014/05/13 |
Update Number |
2373 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. A successful attack can allow a remote attacker to call arbitrary methods, leading to arbitrary code execution.
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."