CVE-2014-1806

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 1.1 SP1 through 4.5.1

Description The issue is related to the .NET Remoting implementation, which does not properly restrict memory access. This allows remote attackers to execute arbitrary code via vectors involving malformed objects. An elevation of privilege vulnerability exists in the way that .NET Framework handles TypeFilterLevel checks for some malformed objects, allowing attackers to elevate existing privileges.

Recommendations For Microsoft .NET Framework versions 1.1 SP1 through 4.5.1, consider restricting access to .NET Remoting until a patch is available. As a temporary workaround, consider disabling the TypeFilterLevel checks for malformed objects until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.