CVE-2014-4121Out-of-bounds Write in Microsoft NET Framework

CWE-3993 documents3 sources
Severity
10.0CRITICALNVD
EPSS
42.5%
top 2.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedOct 15
Latest updateMay 14

Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/net_framework7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-7hh6-mp8v-mm82: Microsoft2022-05-14
CVEList
CVE-2014-4121: Microsoft2014-10-15
CVE-2014-4121 — Out-of-bounds Write in Microsoft | cvebase