CVE-2014-4149

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 1.1 SP1 through 4.5.2

Description The issue arises from improper TypeFilterLevel checks, allowing remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint. This is an elevation of privilege vulnerability that exists in the way that .NET Framework handles TypeFilterLevel checks for some malformed objects. An attacker who successfully exploits this could take complete control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft .NET Framework versions 1.1 SP1 through 4.5.2, consider disabling .NET Remoting endpoints until a patch is available to prevent exploitation. Restrict access to sensitive data and systems to minimize the risk of privilege elevation.