Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1806Code Injection in Microsoft NET Framework

CWE-94Code Injection5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
26.8%
top 3.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft NET Framework
Timeline
PublishedMay 14
Latest updateMay 14

Description

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/net_framework7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-9xm9-p5v4-94q8: The2022-05-14
CVEList
CVE-2014-1806: The2014-05-14

💥Exploits & PoCs

1
Exploit-DB
.NET Remoting Services - Remote Command Execution2014-11-17

📋Vendor Advisories

1
Red Hat
samba: no access check verification on stream files2013-10-25
CVE-2014-1806 — Code Injection in Microsoft | cvebase