CVE-2014-0257CVE-2014-0257

Affected configuration(s):

cpe:/a:microsoft:.net_framework:1.0:sp3
cpe:/a:microsoft:.net_framework:1.1:sp1
cpe:/a:microsoft:.net_framework:2.0:sp2
cpe:/a:microsoft:.net_framework:3.5
cpe:/a:microsoft:.net_framework:3.5.1
cpe:/a:microsoft:.net_framework:4.0
cpe:/a:microsoft:.net_framework:4.5
cpe:/a:microsoft:.net_framework:4.5.1

Date published: 2014-02-11T23:50:39.987-05:00

Date last modified: 2017-01-06T21:59:25.107-05:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html

Summary: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka “Type Traversal Vulnerability.”

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.